Q14 — AWS SAA-C03 Ch.3


Q144. A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires. What should a solutions architect do to meet these requirements?

Correct Answer: D. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificate. Apply the certificate to the ALB. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiration. Rotate the certificate manually.

Explanation

The company needs to deploy a new public web application to AWS. The application will run behind an Application Load Balancer (ALB) and must be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before it expires. AWS Certificate Manager (ACM) is a managed service that makes it easy to provision, manage, and deploy SSL/TLS certificates for use with services like the ALB. However, ACM cannot issue certificates on behalf of an external CA. Therefore, the best option is to import the SSL/TLS certificate issued by the external CA into ACM. Once the certificate is imported into ACM, it can be applied to the ALB. Because ACM does not automatically renew imported certificates, rotation has to be done by hand. Amazon EventBridge (Amazon CloudWatch Events) can be used to send a notification when the certificate is nearing expiration, which reminds the operations team to manually rotate the certificate before it expires.