AWS Certified Solutions Architect - Associate (SAA-C03) Practice Test

Play an AI-generated podcast conversation about this lesson

What is the best way to meet the requirements of encrypting the application at the edge with a certificate issued by an external CA and rotating it annually?

Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB.
Apply a self-signed SSL/TLS certificate to the ALB. Manually rotate the certificate each year.
Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate. (correct)

What is the incorrect way to ensure encryption at the edge with a certificate issued by an external CA and annual rotation?

Use AWS Certificate Manager (ACM) Public Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB. (correct)
Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
Apply a self-signed SSL/TLS certificate to the backend servers behind ALB. Manually rotate the certificate each year.
Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Import the key material from the certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.

Which action would NOT meet the requirement of rotating the SSL/TLS certificate annually?

Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificate. Apply the certificate to the ALB. Use the managed renewal feature to automatically rotate the certificate.
Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA. Apply the certificate to the ALB.
Import a third-party SSL/TLS certificate directly into ALB without involving ACM. (correct)
Use AWS CloudFront to manage SSL/TLS certificates for ALB and enable automatic rotation.

Which approach does NOT align with best practices for managing SSL/TLS certificates in AWS?

Using Let's Encrypt to obtain SSL/TLS certificates and manually applying them to ALB. (B) Signup and view all the answers

What would be a suboptimal approach for managing SSL/TLS certificates for an ALB in AWS?

Manually renewing self-signed SSL/TLS certificates on ALB every year. (C) Signup and view all the answers

Which option would NOT be suitable for ensuring encryption with a valid SSL/TLS certificate on an ALB in AWS?

Obtaining a third-party SSL/TLS certificate and importing it directly into ALB without involving ACM. (A) Signup and view all the answers

What is the most cost-effective way for the company to avoid Regional data transfer charges?

Deploy a gateway VPC endpoint for Amazon S3 (D) Signup and view all the answers

How can the company automatically rotate the SSL/TLS certificate for the ALB?

Use managed renewal feature to automatically rotate the certificate (A) Signup and view all the answers

What is the correct combination of steps for the solutions architect to connect from the on-premises network to the bastion host and the application servers?

Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company (B) Signup and view all the answers

What should be done to allow access from on-premises network through the company's internet connection to the bastion host and application servers?

Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company (B) Signup and view all the answers

What action should be taken to connect from on-premises network through the company's internet connection to the bastion host and application servers?

Implement VPN connection between on-premises network and AWS VPC (A) Signup and view all the answers

Which method should be used to notify when the SSL/TLS certificate is nearing expiration?

Configure Amazon EventBridge rule to send a notification when certificate is nearing expiration (C) Signup and view all the answers

What would be a suitable solution for connecting securely to Linux-based application instances on Amazon EC2 in a private subnet?

Use public key authentication for SSH access to EC2 instances (D) Signup and view all the answers

How can data transfer charges be minimized when EC2 instances download and upload images to Amazon S3?

Utilize gateway VPC endpoints for Amazon S3 instead of relying on NAT gateway (B) Signup and view all the answers

What's a secure way for systems administrators to connect from on-premises network through company's internet connection to bastion host and application servers?

Utilize VPN tunnels between on-premises network and AWS VPC for secure connections (B) Signup and view all the answers

AWS Certified Solutions Architect - Associate (SAA-C03) Practice Test

Choose a study mode

Podcast

Questions and Answers

What is the best way to meet the requirements of encrypting the application at the edge with a certificate issued by an external CA and rotating it annually?

What is the incorrect way to ensure encryption at the edge with a certificate issued by an external CA and annual rotation?

Which action would NOT meet the requirement of rotating the SSL/TLS certificate annually?

Which approach does NOT align with best practices for managing SSL/TLS certificates in AWS?

What would be a suboptimal approach for managing SSL/TLS certificates for an ALB in AWS?

Which option would NOT be suitable for ensuring encryption with a valid SSL/TLS certificate on an ALB in AWS?

What is the most cost-effective way for the company to avoid Regional data transfer charges?

How can the company automatically rotate the SSL/TLS certificate for the ALB?

What is the correct combination of steps for the solutions architect to connect from the on-premises network to the bastion host and the application servers?

What should be done to allow access from on-premises network through the company's internet connection to the bastion host and application servers?

What action should be taken to connect from on-premises network through the company's internet connection to the bastion host and application servers?

Which method should be used to notify when the SSL/TLS certificate is nearing expiration?

What would be a suitable solution for connecting securely to Linux-based application instances on Amazon EC2 in a private subnet?

How can data transfer charges be minimized when EC2 instances download and upload images to Amazon S3?

What's a secure way for systems administrators to connect from on-premises network through company's internet connection to bastion host and application servers?

More Like This

AWS SAA-C03 Questions: Quiz & Flashcards for Exam Topics 368 & 500

AWS Certified Solutions Architect - Associate (SAA-C03) Practice Test

AWS Certified Solutions Architect - SAA-C03

AWS Solutions Architect Exam - SAA-C03