Multiple Choice
A company wants to launch an online shopping website in multiple countries and must ensure that customers are protected against potential "man-in-the-middle" attacks. Which architecture will provide the MOST secure site access?
A) Use Amazon Route 53 for domain registration and DNS services. Enable DNSSEC for all Route 53 requests. Use AWS Certificate Manager (ACM) to register TLS/SSL certificates for the shopping website, and use Application Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all client requests to the site.
B) Register 2048-bit encryption keys from a third-party certificate service. Use a third-party DNS provider that uses the customer managed keys for DNSSec. Upload the keys to ACM, and use ACM to automatically deploy the certificates for secure web services to an EC2 front-end web server fleet by using NGINX. Use the Server Name Identification extension in all client requests to the site.
C) Use Route 53 for domain registration. Register 2048-bit encryption keys from a third-party certificate service. Use a third-party DNS service that supports DNSSEC for DNS requests that use the customer managed keys. Import the customer managed keys to ACM to deploy the certificates to Classic Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all clients requests to the site.
D) Use Route 53 for domain registration, and host the company DNS root servers on Amazon EC2 instances running Bind . Enable DNSSEC for DNS requests. Use ACM to register TLS/SSL certificates for the shopping website, and use Application Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all client requests to the site. Use Route 53 for domain registration, and host the company DNS root servers on Amazon EC2 instances running Bind . Enable DNSSEC for DNS requests. Use ACM to register TLS/SSL certificates for the shopping website, and use Application Load Balancers configured with those TLS/SSL certificates for the site. Use the Server Name Identification extension in all client requests to the site.
Correct Answer:
Verified
Correct Answer:
Verified
Q299: In the Amazon RDS Oracle DB engine,
Q300: In Amazon Cognito what is a silent
Q301: Your company has recently extended its datacenter
Q302: Which of the following components of AWS
Q303: An organization has created 5 IAM users.
Q305: A company is building an AWS landing
Q306: A user has enabled detailed CloudWatch monitoring
Q307: You are running a news website in
Q308: A user has launched a dedicated EBS
Q309: A company manages hundreds of AWS accounts