Q14 — AWS SAA-C03 Chapter 3

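Q144. A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before it expires. What should a solutions architect do to meet these requirements?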

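Correct answer: D. Use AWS Certificate Manager (ACM) to import an SSL/TLS certificate. Apply the certificate to the ALB. Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiration. Rotate the certificate manually.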

Explanation

The company needs to deploy a new public web application to AWS. The application will run behind an Application Load Balancer (ALB), and it must be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before it expires.

AWS Certificate Manager (ACM) is a managed service that makes it easy to provision, manage, and deploy SSL/TLS certificates for use with services like the ALB. However, ACM cannot itself issue a certificate on behalf of an external CA. Therefore, the best option is to import an SSL/TLS certificate issued by the external CA into ACM.

Once the certificate is imported into ACM, it can be applied to the ALB. Amazon EventBridge (Amazon CloudWatch Events) can be used to send a notification when the certificate is nearing expiration. This reminds the operations team to manually rotate the certificate before it expires.
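The notification step described above, as an added example that is not part of the original question or of any AWS sample: an EventBridge event pattern for ACM's "ACM Certificate Approaching Expiration" event, and a handler that turns one such event into a rotation notice. The function names, the 14-day urgency threshold, and the sample event (account ID and certificate ID are placeholders) are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# EventBridge rule pattern that selects ACM's expiry event.
EVENT_PATTERN = {
    "source": ["aws.acm"],
    "detail-type": ["ACM Certificate Approaching Expiration"],
}

# Constructed sample event; the account ID and certificate ID are placeholders.
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "ACM Certificate Approaching Expiration",
    "source": "aws.acm",
    "account": "111122223333",
    "time": "2025-03-01T06:51:08Z",
    "region": "us-east-1",
    "resources": ["arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-CERT-ID"],
    "detail": {"DaysToExpiry": 31, "CommonName": "www.example.com"},
}


def matches(pattern, event):
    """Exact-value subset of EventBridge matching on top-level fields."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


def rotation_notice(event, urgent_days=14):
    """Build the operations notice for one expiry event, or None if unrelated."""
    if not matches(EVENT_PATTERN, event):
        return None
    detail = event["detail"]
    days = int(detail["DaysToExpiry"])
    sent = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "severity": "URGENT" if days <= urgent_days else "WARNING",
        "certificate_arn": event["resources"][0],
        "common_name": detail["CommonName"],
        "days_to_expiry": days,
        # Approximate deadline: event timestamp plus the remaining days.
        "rotate_before": (sent + timedelta(days=days)).date().isoformat(),
        "action": "Get a renewed certificate from the external CA and "
                  "re-import it into ACM under the same certificate ARN.",
    }


if __name__ == "__main__":
    print(rotation_notice(SAMPLE_EVENT))
```

Re-importing under the existing certificate ARN keeps the ALB listener association in place, so the rotation does not require changing the load balancer configuration.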