Free Preparation Discussions
MENU
Amazon SOA-C03 Exam - Topic 3 Question 4 Discussion
Topic #: 3
A CloudOps engineer is configuring an Amazon CloudFront distribution to use an SSL/TLS certificate. The CloudOps engineer must ensure automatic certificate renewal.
Which combination of steps will meet this requirement? (Select TWO.)
The AWS Cloud Operations and Security documentation specifies that for Amazon CloudFront, automatic certificate renewal is only supported for certificates issued by AWS Certificate Manager (ACM). When a certificate is managed by ACM and validated through DNS validation, ACM automatically renews the certificate before expiration without requiring manual intervention.
Option A ensures that the certificate is issued and managed by ACM, enabling full integration with CloudFront. Option E (DNS validation) is essential for automation; AWS performs revalidation automatically as long as the DNS validation record remains in place.
By contrast, email validation (Option D) requires manual user confirmation upon renewal, which prevents automatic renewals. Certificates issued by third-party certificate authorities (Option B) are manually managed and must be reimported into ACM after renewal. CloudFront does not have a direct feature (Option C) to renew certificates; it relies on ACM's lifecycle management.
Thus, combining ACM-issued certificates (A) with DNS validation (E) ensures continuous, automated renewal with no downtime or human action required.
Alexis
9 days agoCherelle
14 days agoVal
19 days agoLeonor
24 days agoLaticia
30 days agoMicaela
1 month agoCurtis
1 month agoCarla
2 months agoMignon
2 months agoRolf
2 months agoMarsha
2 months agoDexter
2 months agoLucy
2 months agoShonda
3 months agoJanessa
3 months agoCaitlin
3 months agoMy
3 months agoPaola
4 months agoSherly
4 months agoMarci
4 months agoLacey
4 months agoIra
4 months agoHelga
3 months ago