AWS Certified Solutions Architect - Associate (SAA-C03) Practice Test
15 Questions

Questions and Answers

What is the best way to meet the requirements of encrypting the application at the edge with a certificate issued by an external CA and rotating it annually?

  • Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
  • Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB.
  • Apply a self-signed SSL/TLS certificate to the ALB. Manually rotate the certificate each year.
  • Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate. (correct)

What is the incorrect way to ensure encryption at the edge with a certificate issued by an external CA and annual rotation?

  • Use AWS Certificate Manager (ACM) Public Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB. (correct)
  • Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
  • Apply a self-signed SSL/TLS certificate to the backend servers behind the ALB. Manually rotate the certificate each year.
  • Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

Which action would NOT meet the requirement of rotating the SSL/TLS certificate annually?

  • Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
  • Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB.
  • Import a third-party SSL/TLS certificate directly into the ALB without involving ACM. (correct)
  • Use AWS CloudFront to manage SSL/TLS certificates for ALB and enable automatic rotation.

Which approach does NOT align with best practices for managing SSL/TLS certificates in AWS?

  • Using Let's Encrypt to obtain SSL/TLS certificates and manually applying them to the ALB.

What would be a suboptimal approach for managing SSL/TLS certificates for an ALB in AWS?

  • Manually renewing self-signed SSL/TLS certificates on the ALB every year.

Which option would NOT be suitable for ensuring encryption with a valid SSL/TLS certificate on an ALB in AWS?

  • Obtaining a third-party SSL/TLS certificate and importing it directly into the ALB without involving ACM.

What is the most cost-effective way for the company to avoid Regional data transfer charges?

  • Deploy a gateway VPC endpoint for Amazon S3.

How can the company automatically rotate the SSL/TLS certificate for the ALB?

  • Use the managed renewal feature to automatically rotate the certificate.

What is the correct combination of steps for the solutions architect to connect from the on-premises network to the bastion host and the application servers?

  • Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.

What should be done to allow access from the on-premises network through the company's internet connection to the bastion host and application servers?

  • Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.

What action should be taken to connect from the on-premises network through the company's internet connection to the bastion host and application servers?

  • Implement a VPN connection between the on-premises network and the AWS VPC.

Which method should be used to notify when the SSL/TLS certificate is nearing expiration?

  • Configure an Amazon EventBridge rule to send a notification when the certificate is nearing expiration.

What would be a suitable solution for connecting securely to Linux-based application instances on Amazon EC2 in a private subnet?

  • Use public key authentication for SSH access to EC2 instances.

How can data transfer charges be minimized when EC2 instances download and upload images to Amazon S3?

  • Utilize gateway VPC endpoints for Amazon S3 instead of relying on a NAT gateway.

What's a secure way for systems administrators to connect from the on-premises network through the company's internet connection to the bastion host and application servers?

  • Utilize VPN tunnels between the on-premises network and the AWS VPC for secure connections.
