Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SOA-C03 Exam - Topic 3 Question 4 Discussion

Actual exam question for Amazon's SOA-C03 exam
Question #: 4
Topic #: 3
[All SOA-C03 Questions]

A CloudOps engineer is configuring an Amazon CloudFront distribution to use an SSL/TLS certificate. The CloudOps engineer must ensure automatic certificate renewal.

Which combination of steps will meet this requirement? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: A, E

The AWS Cloud Operations and Security documentation specifies that for Amazon CloudFront, automatic certificate renewal is only supported for certificates issued by AWS Certificate Manager (ACM). When a certificate is managed by ACM and validated through DNS validation, ACM automatically renews the certificate before expiration without requiring manual intervention.

Option A ensures that the certificate is issued and managed by ACM, enabling full integration with CloudFront. Option E (DNS validation) is essential for automation; AWS performs revalidation automatically as long as the DNS validation record remains in place.

By contrast, email validation (Option D) requires manual user confirmation upon renewal, which prevents automatic renewals. Certificates issued by third-party certificate authorities (Option B) are manually managed and must be reimported into ACM after renewal. CloudFront does not have a direct feature (Option C) to renew certificates; it relies on ACM's lifecycle management.

Thus, combining ACM-issued certificates (A) with DNS validation (E) ensures continuous, automated renewal with no downtime or human action required.


by Junita at Oct 31, 2025, 01:26 AM

Limited Time Offer

25%

Off

Get Premium SOA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Mabel
2 months ago
I prefer A and D. Email validation is straightforward.
upvoted 0 times
...
Alexis
2 months ago
A and C could work too. Automatic renewal is key.
upvoted 0 times
...
Cherelle
2 months ago
I agree, A is essential. E makes sense for automation.
upvoted 0 times
...
Val
2 months ago
C is definitely not needed if you're using ACM!
upvoted 0 times
...
Leonor
3 months ago
B is a no-go if you want auto-renewal.
upvoted 0 times
...
Laticia
3 months ago
Wait, can CloudFront really auto-renew? Sounds too good to be true.
upvoted 0 times
...
Micaela
3 months ago
Totally agree with A! AWS ACM makes it easy.
upvoted 0 times
...
Curtis
3 months ago
A) and E) are the way to go!
upvoted 0 times
...
Carla
3 months ago
Automatic renewal? That's like having a self-cleaning oven - why didn't I think of that?
upvoted 0 times
...
Mignon
4 months ago
Hmm, I thought B was the right answer. Guess I need to study more cloud security.
upvoted 0 times
...
Rolf
4 months ago
I’m a bit confused about whether CloudFront handles automatic renewal itself or if we need to set something up. I don’t recall seeing option C in my notes.
upvoted 0 times
...
Marsha
4 months ago
I practiced a similar question where we had to choose between email and DNS validation, and I think DNS is generally preferred for automation.
upvoted 0 times
...
Dexter
4 months ago
I’m not entirely sure, but I feel like configuring DNS validation could be important for the certificate management process. Maybe option E?
upvoted 0 times
...
Lucy
4 months ago
I agree, using ACM and DNS validation is the way to go.
upvoted 0 times
...
Shonda
4 months ago
I think A and E are the best choices. ACM is easy to manage.
upvoted 0 times
...
Janessa
5 months ago
A and E are the correct options.
upvoted 0 times
...
Caitlin
5 months ago
C is a trap answer, CloudFront doesn't automatically renew certificates.
upvoted 0 times
...
My
5 months ago
I remember that using AWS Certificate Manager is crucial for automatic renewal, so I think option A is definitely one of the answers.
upvoted 0 times
...
Paola
5 months ago
I'm not sure about B. Does using a third-party certificate mean I can't get automatic renewal?
upvoted 0 times
...
Sherly
6 months ago
I'm pretty confident that A and E are the way to go. Using an ACM certificate and configuring DNS validation should cover the automatic renewal requirement.
upvoted 0 times
...
Marci
6 months ago
I'm a bit confused about the difference between options C and D. Do I need to configure both email and DNS validation?
upvoted 0 times
...
Lacey
6 months ago
Okay, I think I've got this. A and E seem like the right combination to ensure automatic renewal.
upvoted 0 times
...
Ira
6 months ago
Hmm, this one seems tricky. I'll need to think through the options carefully.
upvoted 0 times
Nadine
25 days ago
Agreed, DNS validation is easier to manage.
upvoted 0 times
...
Breana
1 month ago
What about DNS validation? Seems like a good choice.
upvoted 0 times
...
Emeline
1 month ago
Definitely! It simplifies the process.
upvoted 0 times
...
Celeste
1 month ago
I think using AWS Certificate Manager is a must.
upvoted 0 times
...
Helga
5 months ago
So, A and E? That sounds solid!
upvoted 0 times
...
...

Save Cancel