Exam AWS Certified Solutions Architect - Professional topic 1 question 409 discussion

A company manages more than 200 separate internet-facing web applications. All of the applications are deployed to AWS in a single AWS Region. The fully qualified domain names (FQDNs) of all of the applications are made available through HTTPS using Application Load Balancers (ALBs). The ALBs are configured to use public SSL/TLS certificates.
A Solutions Architect needs to migrate the web applications to a multi-region architecture. All HTTPS services should continue to work without interruption.
Which approach meets these requirements?

  • A. Request a certificate for each FQDN using AWS KMS. Associate the certificates with the ALBs in the primary AWS Region. Enable cross-region availability in AWS KMS for the certificates and associate the certificates with the ALBs in the secondary AWS Region.
  • B. Generate the key pairs and certificate requests for each FQDN using AWS KMS. Associate the certificates with the ALBs in both the primary and secondary AWS Regions.
  • C. Request a certificate for each FQDN using AWS Certificate Manager. Associate the certificates with the ALBs in both the primary and secondary AWS Regions.
  • D. Request certificates for each FQDN in both the primary and secondary AWS Regions using AWS Certificate Manager. Associate the certificates with the corresponding ALBs in each AWS Region.
Suggested Answer: D
Certificates in ACM are regional resources. To use a certificate with Elastic Load Balancing for the same fully qualified domain name (FQDN) or set of FQDNs in more than one AWS region, you must request or import a certificate for each region. For certificates provided by ACM, this means you must revalidate each domain name in the certificate for each region. You cannot copy a certificate between regions.
Reference:
https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
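
The check below is an added example, not part of the original page: it audits a listener inventory for the two ways a multi-region rollout can miss the rule above, a listener pointing at a certificate ARN from another Region (the option C pattern) and an FQDN with no listener in a required Region. The inventory, account ID, Region names and function names are constructed for illustration.

```python
import re

# ACM certificate ARN: arn:aws:acm:<region>:<account-id>:certificate/<uuid>
ACM_ARN = re.compile(r"^arn:aws:acm:([a-z0-9-]+):(\d{12}):certificate/([0-9a-f-]{36})$")

def cert_region(arn):
    """Return the Region embedded in an ACM certificate ARN."""
    m = ACM_ARN.match(arn)
    if not m:
        raise ValueError(f"not an ACM certificate ARN: {arn!r}")
    return m.group(1)

def audit(listeners, required_regions):
    """listeners: list of (fqdn, alb_region, cert_arn) tuples.
    Returns (fqdn, region, problem) findings."""
    findings = []
    seen = {}  # fqdn -> Regions that have an HTTPS listener for it
    for fqdn, alb_region, arn in listeners:
        seen.setdefault(fqdn, set()).add(alb_region)
        # ACM certificates are regional: the ALB needs one from its own Region.
        if cert_region(arn) != alb_region:
            findings.append((fqdn, alb_region, "cross-region"))
    for fqdn in sorted(seen):
        for region in sorted(set(required_regions) - seen[fqdn]):
            findings.append((fqdn, region, "missing"))
    return findings

# Constructed sample inventory (hypothetical account ID and certificate IDs).
ARN = "arn:aws:acm:{}:111122223333:certificate/00000000-0000-0000-0000-00000000000{}"
INVENTORY = [
    ("app1.example.com", "us-east-1", ARN.format("us-east-1", 1)),
    ("app1.example.com", "eu-west-1", ARN.format("eu-west-1", 2)),  # option D: one cert per Region
    ("app2.example.com", "us-east-1", ARN.format("us-east-1", 3)),
    ("app2.example.com", "eu-west-1", ARN.format("us-east-1", 3)),  # option C: primary cert reused
    ("app3.example.com", "us-east-1", ARN.format("us-east-1", 4)),  # secondary not provisioned yet
]

if __name__ == "__main__":
    for finding in audit(INVENTORY, ["us-east-1", "eu-west-1"]):
        print(finding)
```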

Comments

Huy
Highly Voted 3 years, 8 months ago
A & B mention KMS, which is not valid for SSL/TLS cert management. ACM is a regional service and each region must maintain its own certificate list. So D should be correct in my opinion.
upvoted 40 times
...
examacc
Highly Voted 3 years, 8 months ago
Answer is D. As per the AWS FAQ: To use a certificate with Elastic Load Balancing for the same site (the same fully qualified domain name, or FQDN, or set of FQDNs) in a different Region, you must request a new certificate for each Region in which you plan to use it.
upvoted 18 times
...
cldy
Most Recent 3 years, 5 months ago
D is correct.
upvoted 1 times
...
AzureDP900
3 years, 5 months ago
D is right!
upvoted 1 times
...
cldy
3 years, 6 months ago
D. Request certificates for each FQDN in both the primary and secondary AWS Regions using AWS Certificate Manager. Associate the certificates with the corresponding ALBs in each AWS Region.
upvoted 2 times
...
AzureDP900
3 years, 6 months ago
Good explanation, D is right
upvoted 1 times
...
andylogan
3 years, 7 months ago
It's D
upvoted 2 times
...
AWS_Noob
3 years, 7 months ago
D. ACM is regional. ACM is for SSL / TLS
upvoted 2 times
...
nisoshabangu
3 years, 7 months ago
D is the correct answer
upvoted 1 times
...
Radhaghosh
3 years, 7 months ago
ACM is a regional service, so for every region a certificate has to be provisioned. Answer is D. The option with KMS is just a distraction.
upvoted 2 times
...
WhyIronMan
3 years, 7 months ago
I'll go with D
upvoted 1 times
...
natpilot
3 years, 7 months ago
is D. https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html
upvoted 1 times
...
Kian1
3 years, 7 months ago
going with D
upvoted 2 times
...
Ebi
3 years, 7 months ago
Answer is D
upvoted 3 times
...
sanjaym
3 years, 7 months ago
It's D
upvoted 2 times
...
gookseang
3 years, 7 months ago
D for sure
upvoted 1 times
...
T14102020
3 years, 7 months ago
Correct answer is D. Certificate should be in every region.
upvoted 4 times
...