Exam AWS Certified Security - Specialty topic 1 question 465 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 465
Topic #: 1

A company uses Amazon Route 53 to create a public DNS zone for the domain example.com in Account A. The company creates another public DNS zone for the subdomain dev.example.com in Account B. A security engineer creates a wildcard certificate (*.dev.example.com) with DNS validation by using AWS Certificate Manager (ACM). The security engineer validates that the corresponding CNAME records have been created in the zone for dev.example.com in Account B.

After all these operations are completed, the certificate status is still pending validation.

What should the security engineer do to resolve this issue?

  • A. Purchase a valid wildcard certificate authority (CA) certificate that supports managed renewal. Import this certificate into ACM in Account B.
  • B. Add NS records for the subdomain dev.example.com to the Route 53 parent zone example.com in Account A.
  • C. Use AWS Certificate Manager Private Certificate Authority to create a subordinate certificate authority (CA). Use ACM to generate a private certificate that supports managed renewal.
  • D. Resend the email message that requests ownership validation of dev.example.com.
Suggested Answer: B

Comments

yorkicurke
1 year, 4 months ago
Selected Answer: B
Why do we need to do the step in B? Because if the DNS zones for the domain and subdomain were in the same AWS account, you wouldn’t necessarily need to add NS records for the subdomain to the parent zone. This is because Amazon Route 53 automatically recognizes the relationship between the domain and its subdomains within the same account. However, when the DNS zones are in different accounts, you need to explicitly create NS records in the parent zone to delegate authority to the subdomain’s zone. This ensures that DNS queries for the subdomain are correctly routed to its zone, regardless of which account it’s in.
upvoted 1 times
...
bwestpha
2 years, 2 months ago
Selected Answer: B
Also would vote for B. No delegation = subdomain hosted zone does exactly nothing
upvoted 3 times
...
paczkin
2 years, 2 months ago
Selected Answer: B
B - needs domain delegation
upvoted 1 times
...
PatrickLi
2 years, 3 months ago
Selected Answer: B
Confirming answer B. It needs domain delegation.
upvoted 1 times
...
Anshnow
2 years, 3 months ago
Selected Answer: B
B. Add NS records to route traffic to your subdomain. Select the hosted zone for the domain (example.com). Be sure not to select the name of the subdomain (some.example.com). https://aws.amazon.com/premiumsupport/knowledge-center/create-subdomain-route-53/
upvoted 2 times
...
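The delegation check behind answer B, as an added example that is not part of the original discussion: it compares the NS record set the parent zone (Account A) publishes for dev.example.com with the name servers assigned to the child zone (Account B), and builds the change batch that creates the delegation. The record data and name server host names are constructed; in a live account they would come from boto3's `get_hosted_zone` (`DelegationSet.NameServers`) and `list_resource_record_sets`, and the batch would be passed to `change_resource_record_sets` on the parent zone.

```python
# Constructed sample data, shaped like boto3 Route 53 responses.
# The name server host names are made up for this example.
CHILD_ZONE = "dev.example.com."
CHILD_NS = ["ns-1.awsdns-01.org.", "ns-2.awsdns-02.co.uk.",
            "ns-3.awsdns-03.com.", "ns-4.awsdns-04.net."]
PARENT_RRSETS = [  # record sets of the parent zone example.com (Account A)
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-9.awsdns-09.org."}]},
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "192.0.2.10"}]},
]


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.lower().rstrip(".")


def delegation_status(parent_rrsets, child_zone, child_ns):
    """Return 'delegated', 'mismatch' or 'missing' for the child zone."""
    want = {norm(ns) for ns in child_ns}
    for rrset in parent_rrsets:
        # The parent's own apex NS set does not count; the name must match the child.
        if rrset["Type"] == "NS" and norm(rrset["Name"]) == norm(child_zone):
            have = {norm(r["Value"]) for r in rrset["ResourceRecords"]}
            return "delegated" if have == want else "mismatch"
    return "missing"  # resolvers never reach the child zone's validation CNAME


def delegation_change_batch(child_zone, child_ns, ttl=172800):
    """Build the ChangeBatch to apply to the PARENT hosted zone (Account A)."""
    return {
        "Comment": "Delegate subdomain to its own hosted zone",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": child_zone, "Type": "NS", "TTL": ttl,
                "ResourceRecords": [{"Value": ns} for ns in child_ns],
            },
        }],
    }


if __name__ == "__main__":
    print(delegation_status(PARENT_RRSETS, CHILD_ZONE, CHILD_NS))
    print(delegation_change_batch(CHILD_ZONE, CHILD_NS))
```

A `mismatch` result matters as much as `missing`: a parent NS set that points at name servers from a deleted or recreated child zone leaves the certificate pending in the same way.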