A company is operating a website using Amazon CloudFront. CloudFront serves some content from Amazon S3 and other content from web servers running on Amazon EC2 instances behind an Application Load Balancer (ALB). Amazon DynamoDB is used as the data store. The company already uses AWS Certificate Manager (ACM) to store a public TLS certificate that can optionally secure connections between the website users and CloudFront. The company has a new requirement to enforce end-to-end encryption in transit. Which combination of steps should the company take to meet this requirement? (Choose three.)

Topic #: - All AWS Certified Security - Specialty Questions

A. Update the CloudFront distribution, configuring it to optionally use HTTPS when connecting to origins on Amazon S3.
B. Update the web application configuration on the web servers to use HTTPS instead of HTTPS when connecting to DynamoDB.
C. Update the CloudFront distribution to redirect HTTP connections to HTTPS.
D. Configure the web servers on the EC2 instances to listen using HTTPS using the public ACM TLS certificate. Update the ALB to connect to the target group using HTTPS.
E. Update the ALB listener to listen using HTTPS using the public ACM TLS certificate. Update the CloudFront distribution to connect to the HTTPS listener.
F. Create a TLS certificate. Configure the web servers on the EC2 instances to use HTTPS only with that certificate. Update the ALB to connect to the target group using HTTPS.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion