SAA-C03 · Question #649
SAA-C03 Question #649: Real Exam Question with Answer & Explanation
The correct answer is C: Import a third-party SSL certificate into AWS Certificate Manager (ACM). Install the third-party. To achieve end-to-end encryption, both the ALB and the EC2 instances must terminate HTTPS with valid certificates. Importing a third-party SSL certificate into AWS Certificate Manager (ACM) for the ALB and installing the same certificate on the EC2 instances provides a consistent
Question
A company hosts an end-user application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company needs to configure end-to-end encryption between the ALB and the EC2 instances. Which solution will meet this requirement with the LEAST operational effort?
Options
- ADeploy AWS CloudHSM. Import a third-party certificate into CloudHSM. Configure the EC2
- BImport a third-party certificate bundle into AWS Certificate Manager (ACM). Generate a self-
- CImport a third-party SSL certificate into AWS Certificate Manager (ACM). Install the third-party
- DUse Amazon-issued AWS Certificate Manager (ACM) certificates on the EC2 instances and the
Explanation
To achieve end-to-end encryption, both the ALB and the EC2 instances must terminate HTTPS with valid certificates. Importing a third-party SSL certificate into AWS Certificate Manager (ACM) for the ALB and installing the same certificate on the EC2 instances provides a consistent, trusted certificate at both ends. ACM then manages the certificate on the ALB (including renewal integration), and you only need to maintain the certificate on the EC2 instances, which is simpler and requires less operational effort than introducing CloudHSM or trying to use ACM-issued public certificates directly on EC2.
Community Discussion
No community discussion yet for this question.