Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A team operates an Application Load Balancer in the us-east-1 Region that fronts an HTTPS API available at api.example.com and several other subdomains. The company's public DNS is hosted in Amazon Route 53. The team must provide TLS termination with a single wildcard certificate that renews automatically and incurs no additional cost or maintenance. Which approach meets these requirements with the least operational effort?

  • Issue a private wildcard certificate for *.example.com from ACM Private CA, schedule a Lambda function to renew it, and attach the certificate to the listener.

  • Request a public wildcard certificate for *.example.com in ACM within us-east-1, use DNS validation so ACM creates the required Route 53 record, and attach the certificate to the ALB listener.

  • Purchase a third-party wildcard certificate, import it into ACM, and associate it with the listener, rotating the certificate before each expiration date.

  • Enable the ALB's integrated Let's Encrypt option to generate and automatically renew a wildcard certificate for all required subdomains.

AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot