Fix: Practice exam 4 - Q1. Answer is collected from AWS official latest document.#319
Fix: Practice exam 4 - Q1. Answer is collected from AWS official latest document.#319Fahim-ju wants to merge 1 commit intokananinirav:masterfrom
Conversation
|
i think the answer should be B and D. Route 53 is a DNS service, the related SSL CA workflow that Route 53 is involved in should be the certificate-issuing process. Route 53 participates in the DNS challenge step of the CA issuance workflow. According to the AWS official blog post (link below), it seems that AWS Certificate Manager (ACM) was launched in 2016. And from the link Fahim-ju provided, AWS IAM still retained the ability to manage SSL certificates through API calls (even though certificate management was removed from the management console of AWS IAM). AWS recommends using ACM for SSL certificates management whenever the region support the ACM service. Hence, the answer should be B. AWS ACM and D. AWS Identity & Access Management |
Question 1: A developer needs to set up an SSL security certificate for a client's eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO)
A. Amazon Route 53.
B. AWS ACM.
C. AWS Directory Service.
D. AWS Identity & Access Management.
E. AWS Data Pipeline.
Current Ans: A, B
Revised and Correct Ans: B, D
### Related Link: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html
Related Issue
Fixes #298
Explanation
B. AWS Certificate Manager (ACM):
ACM is the primary AWS service used to provision, manage, and deploy SSL/TLS certificates for use with AWS services like Elastic Load Balancers, CloudFront distributions, and API Gateway.
D. AWS Identity & Access Management (IAM):
IAM can also store and deploy SSL/TLS certificates, particularly when you're using them with services like EC2 instances running a web server or Classic Load Balancers.
Incorrect Options
A. Amazon Route 53:
This is a DNS web service. It does not manage SSL certificates.
C. AWS Directory Service:
This is used for integrating AWS resources with Microsoft Active Directory, not for SSL certificates.
E. AWS Data Pipeline:
This service is for data workflow orchestration—not related to certificates.
ACM is the preferred tool to provision, manage, and deploy your server certificates. But ACM is not supported to all regions. AWS suggests to use IAM as a certificate manager only when you must support HTTPS connections in a Region that is not supported by ACM.