Q15 — AWS SCS-C02 Ch.1

A company needs complete encryption of the traffic between external users and an application. The company hosts the application on a fleet of Amazon EC2 instances that run in an Auto Scaling group behind an Application Load Balancer (ALB). How can a security engineer meet these requirements?

Correct Answer: D. Import a new third-party certificate into AWS Certificate Manager (ACM). Associate the certificate with the ALB. Install the certificate on the EC2 instances.

Explanation

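In AWS encryption scenarios, the integration of certificate management with the load balancer is the key point. The official AWS documentation states that a third-party certificate imported through ACM can be bound to the ALB to provide front-end HTTPS, while the back-end EC2 instances need the same certificate installed to support end-to-end encryption. Option D matches this flow: the third-party certificate is imported into ACM and associated with the ALB, and installing the certificate on the EC2 instances ensures encryption along the whole path. The other options involve services that do not apply (Secrets Manager, IAM) or certificates whose private key cannot be exported (ACM-issued certificates), so they cannot meet the requirement for two encrypted channels.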