Free Top Amazon/AWS DEA-C01 Actual Exam Questions - Question 1 Discussion

It’s B for sure. ACM handles certs automatically and works with Elastic Load Balancers in front of EC2, so you avoid manual cert management or complex scripting.

Makes sense to skip A since self-managing certs means more manual work and risk. B seems best for auto-renewal without extra scripting hassle. Going with B here.

Actually, option D can be ruled out since ECS Service Connect is designed for containerized applications, and the question only mentions EC2 instances. Also, A isn’t ideal because managing self-signed certificates manually adds a lot of operational work. So, between B and C, B’s use of AWS Certificate Manager is more straightforward and fully managed. It automatically issues, renews, and deploys certificates without extra scripting, which fits the requirement for the least operational overhead perfectly.

It’s B because ACM automates cert management with zero manual intervention needed.

B/C? B is the easiest since ACM handles certs end-to-end, but C could offer customization if they already use Secrets Manager. Still, custom scripts usually add overhead, so B seems cleaner here.

Probably B again. Since the question focuses on EC2 and managing certificates with minimal overhead, ACM fits perfectly because it automates the whole process—no need for custom scripts or manual updates. Option C would add more complexity since you’d have to maintain your own automation. D is less relevant here unless the apps are running on ECS, which isn’t stated. So, B seems like the cleanest, most straightforward choice to meet all the requirements with the least operational hassle.

Probably B since AWS Certificate Manager handles certs automatically without custom scripts.

B vs C? B seems solid since ACM is designed to handle cert lifecycle automatically, which fits the “least operational overhead” requirement perfectly. C could work if you want full control, but writing and maintaining custom scripts adds complexity and risk. ACM’s integration with EC2 also means you don’t have to worry about manual deployment or renewal. So between these two, B looks like the more straightforward and reliable choice for this scenario.

Not A, because managing certificates manually on EC2 means a lot of overhead and risk of expiration. B is better since ACM automates renewal and deployment with minimal manual work.

Makes sense to go with B here since ACM handles cert lifecycle end-to-end and integrates directly with EC2, cutting down manual effort way more than options A or C. B

Maybe D? ECS Service Connect is designed to simplify secure service-to-service communication, and it can manage encrypted connections automatically. Since the question mentions communication with AWS infrastructure managed by the customer, using ECS Service Connect might handle certs and encryption with minimal setup on EC2 instances. This could reduce operational overhead compared to managing certs directly with ACM or writing custom scripts. Options A and C seem more manual and require more maintenance, so D might be the easiest for seamless, automatic certificate handling in this scenario.

It’s B. ACM handles all the heavy lifting for cert issuance and renewal without needing you to build and maintain scripts, unlike C. That’s the simplest way to keep SSL/TLS certs up to date on EC2.

B/C? I get why B makes sense because ACM automates cert management with minimal hassle. But C could work if they want more control over custom certs or non-AWS endpoints. Still, that adds scripting and maintenance, which seems against the “least operational overhead” part. So overall, B fits best for automatic renewals and ease of use without extra work.

This one feels straightforward since ACM handles cert management and rotation automatically. Going with B makes sense here.