Free Preparation Discussions
MENU
Amazon Exam SCS-C01 Topic 3 Question 63 Discussion
Topic #: 3
You need to create a Linux EC2 instance in IAM. Which of the following steps is used to ensure secure authentication the EC2 instance from a windows machine. Choose 2 answers from the options given below.
Please select:
To configure DNSSEC for a domain registered with Route 53, the most operationally efficient solution is to migrate the zone to Route 53 with DNSSEC signing enabled, create a key-signing key (KSK) that is based on an AWS Key Management Service (AWS KMS) customer managed key, and add a delegation signer (DS) record to the parent zone. This way, Route 53 handles the zone-signing key (ZSK) and the signing of the records in the hosted zone, and the customer only needs to manage the KSK in AWS KMS and provide the DS record to the domain registrar. Option A is incorrect because it does not involve migrating the zone to Route 53, which would simplify the DNSSEC configuration. Option B is incorrect because it creates both a ZSK and a KSK based on AWS KMS customer managed keys, which is unnecessary and less efficient than letting Route 53 manage the ZSK. Option C is incorrect because it does not involve migrating the zone to Route 53, and it requires running the dnssec-signzone command manually, which is less efficient than letting Route 53 sign the zone automatically. Verified Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html
https://aws.amazon.com/about-aws/whats-new/2020/12/announcing-amazon-route-53-support-dnssec/
Melissa
9 months agoProvidencia
8 months agoAnthony
8 months agoRosalia
9 months agoLashonda
8 months agoKayleigh
9 months agoShoshana
9 months agoMi
9 months agoLenny
9 months agoZita
9 months agoChristene
9 months agoMyong
9 months agoTegan
10 months agoShaun
10 months agoAdell
10 months agoTegan
10 months agoRoselle
10 months agoWilbert
9 months agoLucille
9 months agoBelen
9 months ago