
Answer-first summary for fast verification
Answer: Use the AWS Certificate Manager (ACM) console to request a public certificate for the apex top domain example.com and a wildcard certificate for *.example.com. Validate domain ownership for the domain by adding the required DNS records to the DNS provider.
## Explanation

**Correct Answers: A and E**

**Why A is correct:**

- The company needs to secure both the apex domain (example.com) and subdomains (country1.example.com, country2.example.com)
- A wildcard certificate (`*.example.com`) will cover all subdomains including country1.example.com and country2.example.com
- The certificate must be **public** since it's for a public-facing website behind an Application Load Balancer
- Private certificates are for internal/private resources, not public websites

**Why E is correct:**

- DNS validation is the recommended method for domain ownership validation in ACM
- It's more secure and reliable than email validation
- DNS validation involves adding CNAME records to the domain's DNS configuration
- This method doesn't require manual intervention like email validation

**Why B is incorrect:**

- Private certificates are not suitable for public websites. They're designed for internal resources within a private network.

**Why C is incorrect:**

- Requesting both public and private certificates for the same domain is unnecessary and doesn't address the wildcard requirement for subdomains.

**Why D is incorrect:**

- While email validation is an option, DNS validation is preferred and more reliable. The option suggests starting with email then switching to DNS, which adds unnecessary complexity.

**Key AWS Concepts:**

1. **AWS Certificate Manager (ACM)** provides free SSL/TLS certificates
2. **Wildcard certificates** (`*.example.com`) secure the main domain and all its subdomains
3. **DNS validation** is the recommended domain verification method
4. **Application Load Balancer** can use ACM certificates for HTTPS termination
5. **Public certificates** are for internet-facing resources, while **private certificates** are for internal resources

Author: LeetQuiz Editorial Team
An international company has a subdomain for each country that the company operates in. The subdomains are formatted as example.com, country1.example.com, and country2.example.com. The company's workloads are behind an Application Load Balancer. The company wants to encrypt the website data that is in transit.
Which combination of steps will meet these requirements? (Choose two.)
A. Use the AWS Certificate Manager (ACM) console to request a public certificate for the apex top domain example.com and a wildcard certificate for *.example.com.

B. Use the AWS Certificate Manager (ACM) console to request a private certificate for the apex top domain example.com and a wildcard certificate for *.example.com.

C. Use the AWS Certificate Manager (ACM) console to request a public and private certificate for the apex top domain example.com.

D. Validate domain ownership by email address. Switch to DNS validation by adding the required DNS records to the DNS provider.

E. Validate domain ownership for the domain by adding the required DNS records to the DNS provider.