Hard · 1 mark · Multiple Choice
AWS SAP-C02 · Question 57 · Domain 2.3: Security Controls
A company needs to securely manage SSL/TLS certificates for their internal applications hosted on EC2 instances. The certificates must be trusted by internal clients but not public. Which TWO services/features should be used? (Select TWO)
Answer options:
A. AWS Certificate Manager (ACM) Public Certificates.
B. AWS Certificate Manager (ACM) Private Certificate Authority (CA).
C. AWS Key Management Service (KMS).
D. AWS Systems Manager or custom scripts to deploy the certificates to EC2.
E. Attach the ACM certificate directly to the EC2 instance via the console.
F. AWS Secrets Manager.
How to approach this question
Identify the internal PKI service and how it integrates with EC2.
Full Answer
ACM Private CA issues internal certificates. Because EC2 is not a managed endpoint like an ALB, you must use automation (like Systems Manager) to export and install the certificates on the instances.
Common mistakes
Assuming ACM can automatically install certificates on EC2 instances.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3