New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon-DEA-C01 Exam - Topic 3 Question 8 Discussion

Actual exam question for Amazon's Amazon-DEA-C01 exam
Question #: 8
Topic #: 3
[All Amazon-DEA-C01 Questions]

A company hosts its applications on Amazon EC2 instances. The company must use SSL/TLS connections that encrypt data in transit to communicate securely with AWS infrastructure that is managed by a customer.

A data engineer needs to implement a solution to simplify the generation, distribution, and rotation of digital certificates. The solution must automatically renew and deploy SSL/TLS certificates.

Which solution will meet these requirements with the LEAST operational overhead?

Show Suggested Answer Hide Answer
Suggested Answer: B

The best solution for managing SSL/TLS certificates on EC2 instances with minimal operational overhead is to use AWS Certificate Manager (ACM). ACM simplifies certificate management by automating the provisioning, renewal, and deployment of certificates.

AWS Certificate Manager (ACM):

ACM manages SSL/TLS certificates for EC2 and other AWS resources, including automatic certificate renewal. This reduces the need for manual management and avoids operational complexity.

ACM also integrates with other AWS services to simplify secure connections between AWS infrastructure and customer-managed environments.


Alternatives Considered:

A (Self-managed certificates): Managing certificates manually on EC2 instances increases operational overhead and lacks automatic renewal.

C (Secrets Manager automation): While Secrets Manager can store keys and certificates, it requires custom automation for rotation and does not handle SSL/TLS certificates directly.

D (ECS Service Connect): This is unrelated to SSL/TLS certificate management and would not address the operational need.

AWS Certificate Manager Documentation

by Thurman at Dec 06, 2024, 02:47 PM

Limited Time Offer

25%

Off

Get Premium Amazon-DEA-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tammara
3 months ago
C seems like overkill for this scenario.
upvoted 0 times
...
Margurite
3 months ago
Wait, can ACM really handle auto-renewal? That sounds too good to be true.
upvoted 0 times
...
Estrella
3 months ago
Not sure about B, self-managed might give more control.
upvoted 0 times
...
Marvel
4 months ago
I agree, AWS Certificate Manager simplifies everything!
upvoted 0 times
...
Deandrea
4 months ago
B is definitely the easiest way to manage certificates.
upvoted 0 times
...
Carlee
4 months ago
I feel like using custom scripts could be overkill for this scenario. It might add more complexity than necessary.
upvoted 0 times
...
Jackie
4 months ago
I practiced a similar question where ACM was the answer. It really does simplify the process, so I’m leaning towards that.
upvoted 0 times
...
Graciela
4 months ago
I'm a bit unsure about the self-managed certificates. I think they require more manual work for renewal and deployment, right?
upvoted 0 times
...
Elke
5 months ago
I remember studying about AWS Certificate Manager and how it automates certificate management. It seems like the best option here.
upvoted 0 times
...
Chanel
5 months ago
The custom automation scripts in AWS Secrets Manager could work, but that feels like it would require more effort to set up and maintain than the ACM option. I'm going to go with B - AWS Certificate Manager.
upvoted 0 times
...
Herman
5 months ago
Based on the requirements, I think AWS Certificate Manager (ACM) is the way to go. It automatically renews and deploys the certificates, which should minimize the operational overhead for the data engineer.
upvoted 0 times
...
Glynda
5 months ago
Hmm, I'm a bit unsure about this one. Storing self-managed certificates on the EC2 instances seems like it could be a lot of work to maintain and rotate them. I'm leaning towards one of the AWS-managed options.
upvoted 0 times
...
Veronika
5 months ago
This seems like a straightforward question about managing SSL/TLS certificates for a company's AWS infrastructure. I think the key is to find the solution that requires the least operational overhead.
upvoted 0 times
...
Filiberto
1 year ago
Option C might work, but it just seems like a lot of extra work when AWS Certificate Manager is right there. Why make things complicated?
upvoted 0 times
...
Mabel
1 year ago
Personally, I'm not a fan of option A. Self-managing certificates on EC2 instances sounds like a recipe for headaches down the line.
upvoted 0 times
Lavonda
1 year ago
That could work too, but ACM seems like the easier option.
upvoted 0 times
...
Demetra
1 year ago
D) Use Amazon Elastic Container Service (Amazon ECS) Service Connect.
upvoted 0 times
...
Rosalyn
1 year ago
I agree, using ACM would definitely simplify the process.
upvoted 0 times
...
Chantell
1 year ago
B) Use AWS Certificate Manager (ACM).
upvoted 0 times
...
...
Lawanda
1 year ago
Haha, I bet the person who came up with option D was just trying to be fancy. 'Amazon Elastic Container Service (Amazon ECS) Service Connect' - that's a mouthful!
upvoted 0 times
Lavonne
1 year ago
C: Definitely, no need for fancy names like option D.
upvoted 0 times
...
Nancey
1 year ago
B: Yeah, that sounds like the simplest option.
upvoted 0 times
...
Daren
1 year ago
A: B) Use AWS Certificate Manager (ACM).
upvoted 0 times
...
...
Launa
1 year ago
I agree, B is the way to go. No need to reinvent the wheel when AWS has a service that handles this for you.
upvoted 0 times
Artie
1 year ago
I agree, B is the way to go. No need to reinvent the wheel when AWS has a service that handles this for you.
upvoted 0 times
...
Ma
1 year ago
A) Store self-managed certificates on the EC2 instances.
upvoted 0 times
...
Louvenia
1 year ago
B) Use AWS Certificate Manager (ACM).
upvoted 0 times
...
...
Vivienne
1 year ago
Using ACM reduces operational overhead and ensures certificates are managed securely.
upvoted 0 times
...
Mona
1 year ago
Option B seems like the most straightforward solution. AWS Certificate Manager takes care of the hassle of managing certificates, and it's integrated with other AWS services.
upvoted 0 times
Tomoko
1 year ago
I agree, ACM is the way to go for managing certificates on AWS.
upvoted 0 times
...
Mike
1 year ago
B) Use AWS Certificate Manager (ACM).
upvoted 0 times
...
Loren
1 year ago
That sounds like a good choice. ACM can definitely simplify the process.
upvoted 0 times
...
Azalee
1 year ago
B) Use AWS Certificate Manager (ACM).
upvoted 0 times
...
...
Gearldine
1 year ago
But wouldn't storing self-managed certificates on EC2 instances be easier?
upvoted 0 times
...
Tasia
1 year ago
I agree with Vivienne, ACM can automatically renew and deploy SSL/TLS certificates.
upvoted 0 times
...
Vivienne
1 year ago
I think using AWS Certificate Manager (ACM) would be the best option.
upvoted 0 times
...

Save Cancel