Skip to content

Fix: Practice exam 4 - Q1. Answer is collected from AWS official latest document.#319

Open
Fahim-ju wants to merge 1 commit intokananinirav:masterfrom
Fahim-ju:fix/practice-exam-4-Q1
Open

Fix: Practice exam 4 - Q1. Answer is collected from AWS official latest document.#319
Fahim-ju wants to merge 1 commit intokananinirav:masterfrom
Fahim-ju:fix/practice-exam-4-Q1

Conversation

@Fahim-ju
Copy link

@Fahim-ju Fahim-ju commented Apr 23, 2025

Question 1: A developer needs to set up an SSL security certificate for a client's eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO)

A. Amazon Route 53.
B. AWS ACM.
C. AWS Directory Service.
D. AWS Identity & Access Management.
E. AWS Data Pipeline.

Current Ans: A, B
Revised and Correct Ans: B, D

### Related Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html

Related Issue

Fixes #298

Explanation

B. AWS Certificate Manager (ACM):
ACM is the primary AWS service used to provision, manage, and deploy SSL/TLS certificates for use with AWS services like Elastic Load Balancers, CloudFront distributions, and API Gateway.

D. AWS Identity & Access Management (IAM):
IAM can also store and deploy SSL/TLS certificates, particularly when you're using them with services like EC2 instances running a web server or Classic Load Balancers.

Incorrect Options

A. Amazon Route 53:
This is a DNS web service. It does not manage SSL certificates.

C. AWS Directory Service:
This is used for integrating AWS resources with Microsoft Active Directory, not for SSL certificates.

E. AWS Data Pipeline:
This service is for data workflow orchestration—not related to certificates.

ACM is the preferred tool to provision, manage, and deploy your server certificates. But ACM is not supported to all regions. AWS suggests to use IAM as a certificate manager only when you must support HTTPS connections in a Region that is not supported by ACM.

@htsn01
Copy link

htsn01 commented Nov 20, 2025

i think the answer should be B and D. Route 53 is a DNS service, the related SSL CA workflow that Route 53 is involved in should be the certificate-issuing process. Route 53 participates in the DNS challenge step of the CA issuance workflow.

According to the AWS official blog post (link below), it seems that AWS Certificate Manager (ACM) was launched in 2016.
https://aws.amazon.com/blogs/security/now-available-aws-certificate-manager/

And from the link Fahim-ju provided, AWS IAM still retained the ability to manage SSL certificates through API calls (even though certificate management was removed from the management console of AWS IAM). AWS recommends using ACM for SSL certificates management whenever the region support the ACM service.
In conclusion, I believe that before 2016 (prior to the launch of AWS ACM), SSL certificates management was handled through AWS IAM service. After AWS ACM was launched, AWS recommended managing SSL certificates through AWS ACM instead.

Hence, the answer should be B. AWS ACM and D. AWS Identity & Access Management

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Exam 4, Question 1

2 participants

@Fahim-ju @htsn01