An international company uses subdomains for each country (example.com, country1.example.com, country2.example.com). Workloads are behind an Application Load Balancer. The company wants to encrypt in-transit website traffic. Which combination of steps will meet these requirements? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Use the AWS Certificate Manager (ACM) console to request a public certificate for the apex domain example.com and a wildcard certificate for *.example.com., Validate domain ownership for the domain by adding the required DNS records to the DNS provider..
Why this is the answer
To encrypt in-transit website traffic for an apex domain and its subdomains, you need a public SSL/TLS certificate. ACM allows you to request public certificates for free. Requesting a certificate for example.com and a wildcard certificate for .example.com covers both the main domain and all its subdomains (e.g., country1.example.com, country2.example.com). Private certificates are for internal use and would not be trusted by public browsers. Requesting both public and private for the apex domain is redundant and doesn't address subdomains. Domain ownership validation is crucial for ACM to issue a certificate. DNS validation is the recommended and most automated method. You add a CNAME record provided by ACM to your domain's DNS configuration, which ACM periodically checks. Email validation is an alternative but less scalable and often requires manual intervention. Switching from email to DNS validation is not a standard or necessary step; you choose one method.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed