Q4 — AWS SCS-C02 Ch.1

Question 4 of 100 | ← Chapter 1

A security engineer is configuring a new website that is named example.com. The security engineer wants to secure communications with the website by requiring users to connect to example.com through HTTPS. Which of the following is a valid option for storing SSL/TLS certificates?

Correct Answer: C. Custom SSL certificate that is stored in AWS Certificate Manager (ACM)

Explanation

SSL/TLS证书管理涉及选择合适的服务存储自定义证书。AWS官方文档指出,AWS Certificate Manager (ACM) 支持上传、管理和部署自定义SSL/TLS证书,并与CloudFront、ELB等服务集成。选项A中的KMS专注于密钥管理而非证书存储;选项B和D提到的默认证书不符合题干“自定义”要求;选项D的S3虽能存储文件,但缺乏ACM的自动化证书管理功能。选项C符合ACM支持自定义证书的核心功能定位。