AWS Certified Developer Associate DVA-C02 Practice Question
Your application hosted on AWS must maintain encrypted communication channels to prevent eavesdropping. As a security best practice, how should you manage the TLS certificate lifecycle that protects these channels?
Use a certificate-management service that automatically issues, renews, and deploys the required TLS certificates.
Perform a manual process to update and deploy new TLS certificates on each server whenever the current ones near expiration.
Use publicly trusted TLS certificates for all communication channels, including private or internal endpoints.
Store private keys and certificates in an object-storage bucket configured for public read access, and download them when the application starts.
Automating certificate lifecycle tasks with a service such as AWS Certificate Manager (or AWS Certificate Manager Private CA for internal certificates) ensures that TLS certificates are renewed and deployed before they expire, reducing the risk of service disruption. Manual rotation is error-prone; storing keys or certificates in publicly accessible object storage exposes sensitive material; and relying on publicly trusted certificates for every internal endpoint can leak internal naming information and add unnecessary external validation steps.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a certificate manager and how does it work?
Open an interactive chat with Bash
Why is automating the certificate lifecycle preferred over manual management?
Open an interactive chat with Bash
What are the risks associated with storing credentials in a publicly accessible storage service?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access