AWS Certificate Manager Validation Approaches

Correct Answer - B, D.

Refer to the below approaches on how to validate pending certificates in ACM:

https://docs.aws.amazon.com/en_pv/acm/latest/userguide/gs-acm-validate-dns.html https://docs.aws.amazon.com/en_pv/acm/latest/userguide/gs-acm-validate-email.html

Option A is incorrect: Because ACM does not send SMS to validate if a user owns the domain name or not.

Option B is CORRECT: User can choose either DNS validation or Email validation as below:

Option C is incorrect: Because domain names registered through Route53 still need to be validated.

Option D is CORRECT: The below email will be received as an email validation:

Option E is incorrect: Because there is no Pending Validation icon.

You have to use either DNS validation or Email validation.

AWS Certificate Manager (ACM) is a service provided by Amazon Web Services that enables the users to manage SSL/TLS certificates to secure their websites and applications that run on AWS services. When a user requests a new certificate, the certificate status becomes "Pending validation" until the ownership of the domain name can be verified. ACM provides several options for domain name validation.

The options for domain name validation are as follows:

A. ACM sends an SMS to the registered phone number of the domain name. A user can validate it by clicking the validation URL. This option is useful when the domain owner wants to validate the ownership of the domain via SMS. When the user requests the validation of the domain, ACM sends an SMS with a validation URL to the phone number associated with the domain name. The user can click on the URL and validate the domain ownership.

B. Use DNS to validate the domain ownership. You can insert ACM generated CNAME records into your DNS database. This option is useful when the domain owner wants to validate the ownership of the domain via DNS. When the user requests the validation of the domain, ACM generates a CNAME record that needs to be inserted into the DNS database of the domain. Once the CNAME record is verified, the domain ownership is considered valid.

C. If the domain name is registered by Route53, no validation action is required. Just wait for a while, and it will be automatically validated. This option is useful when the domain owner has registered the domain name via Route53. ACM automatically validates the domain ownership if the domain name is registered via Route53. The user does not need to take any action and wait for a while, and the domain ownership will be considered valid.

D. ACM sends emails to the contact addresses of the domain name. You can validate the domain owner in the email. This option is useful when the domain owner wants to validate the ownership of the domain via email. When the user requests the validation of the domain, ACM sends an email to the contact address associated with the domain name. The user can follow the instructions in the email and validate the domain ownership.

E. If the domain name is registered by Route53, a Pending Validation icon is generated in the Registered Domains. Just click the Pending Validation icon, and ACM will modify the certificate status to Issued. This option is useful when the domain owner has registered the domain name via Route53. If the domain ownership is not automatically validated, the user can click on the Pending Validation icon in the Registered Domains section of Route53. Clicking the icon validates the domain ownership, and ACM modifies the certificate status to Issued.

In summary, ACM provides several options for domain name validation to ensure the security of the SSL/TLS certificates. The user can choose the option that is most suitable for their needs.