A company uses an Amazon CloudFront distribution to serve website content and must require clients to use a TLS certificate when accessing the site. The company wants to automate TLS certificate creation and renewal. Which solution meets these requirements with the MOST operational efficiency?
Choose an answer
Tap an option to check your answer.
Correct answer: Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain..
Why this is the answer
The most operationally efficient solution is to use AWS Certificate Manager (ACM) with DNS validation. ACM allows you to easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services like CloudFront. DNS validation automates the renewal process, as ACM can automatically renew certificates as long as the DNS record remains in place, requiring no manual intervention. CloudFront security policies and Origin Access Control (OAC) are not used for creating TLS certificates; security policies define the minimum TLS protocol, and OAC secures access to S3 origins. While email validation in ACM is an option, it requires manual action to respond to validation emails, making it less operationally efficient than DNS validation for automated renewals.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed