A company wants to launch an online shopping website in multiple countries and must ensure that customers are protected against potential `man-in-the-middle` attacks. Which architecture will provide the MOST secure site access?
A.
Use Amazon Route 53 for domain registration and DNS services. Enable DNSSEC for all Route 53 requests. Use AWS Certificate Manager (ACM) to register TLS/SSL certificates for the shopping website, and use Application Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all client requests to the site.
B.
Register 2048-bit encryption keys from a third-party certificate service. Use a third-party DNS provider that uses the customer managed keys for DNSSec. Upload the keys to ACM, and use ACM to automatically deploy the certificates for secure web services to an EC2 front-end web server fleet by using NGINX. Use the Server Name Identification extension in all client requests to the site.
C.
Use Route 53 for domain registration. Register 2048-bit encryption keys from a third-party certificate service. Use a third-party DNS service that supports DNSSEC for DNS requests that use the customer managed keys. Import the customer managed keys to ACM to deploy the certificates to Classic Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all clients requests to the site.
D.
Use Route 53 for domain registration, and host the company DNS root servers on Amazon EC2 instances running Bind. Enable DNSSEC for DNS requests. Use ACM to register TLS/SSL certificates for the shopping website, and use Application Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all client requests to the site.
The answer is A - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html "You can protect your domain from this type of attack, known as DNS spoofing or a man-in-the-middle attack, by configuring Domain Name System Security Extensions (DNSSEC), a protocol for securing DNS traffic"
A. Use Amazon Route 53 for domain registration and DNS services. Enable DNSSEC for all Route 53 requests. Use AWS Certificate Manager (ACM) to register TLS/SSL certificates for the shopping website, and use Application Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all client requests to the site.
With very recent announcement from AWS answer should be A:
https://aws.amazon.com/about-aws/whats-new/2020/12/announcing-amazon-route-53-support-dnssec/
A.
Old question?
According to
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html
Amazon Route 53 supports DNSSEC for domain registration as well as DNSSEC signing
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
wasabidev
Highly Voted 3 years, 7 months agoMkumar
Highly Voted 3 years, 8 months agohilft
2 years, 10 months agoravisar
Most Recent 2 years, 12 months agobobsmith2000
3 years agokyo
3 years, 4 months agoNi_yot
3 years, 4 months agocldy
3 years, 5 months agocldy
3 years, 6 months agodenccc
3 years, 7 months agoWhyIronMan
3 years, 7 months agoWaiweng
3 years, 7 months agoblackgamer
3 years, 7 months agoBloodCube
3 years, 7 months agoAmitv2706
3 years, 7 months agokalyan_krishna742020
3 years, 7 months agoEbi
3 years, 7 months ago01037
3 years, 7 months ago