A company uses AWS Certificate Manager (ACM) to provision SSL/TLS certificates for their Application Load Balancers. The security team wants to ensure that certificates are automatically renewed before they expire. What must the solutions architect do to enable this?

Answer options:

Write a Lambda function to trigger the renewal API call.

Ensure the certificates are validated via DNS validation.

Configure an EventBridge rule to notify administrators to manually renew.

Use AWS Config to automatically remediate expired certificates.

How to approach this question

Recall the requirement for ACM automatic renewal.

Full Answer

B.Ensure the certificates are validated via DNS validation.✓ Correct

Ensure the certificates are validated via DNS validation.

AWS Certificate Manager (ACM) provides managed renewal for Amazon-issued SSL/TLS certificates. If you use DNS validation, ACM can automatically renew your certificates as long as the DNS record remains in place.

Common mistakes

Thinking email validation supports fully automated, hands-off renewal.

Question 19 All questions Question 21

Practice the full AWS SAA-C03 Practice Exam 5

65 questions · hints · full answers · grading

More questions from this exam

Q01A company needs to grant an external auditor read-only access to specific AWS resources. The audi...Easy Q02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...Medium Q03A company is designing a VPC for a multi-tier web application. They need to block specific malici...Medium Q04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Hard Q05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium

View all 65 questions →