PrepAway - Latest Free Exam Questions & Answers

Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combin

A company is building software on AWS that requires access to various AWS services. Which configuration
should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not
compromised?


A. Enable Multi-Factor Authentication for your AWS root account.

B. Assign an IAM role to the Amazon EC2 instance.

C. Store the AWS Access Key ID/Secret Access Key combination in software comments.

D. Assign an IAM user to the Amazon EC2 instance.

Explanation:

http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
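
Options B and C side by side, as an added example that is not part of the original page: a small Python check that flags access keys left in source text (comments included) and tells long-term key IDs from temporary ones. The function names and the sample input are constructed for this example; the key values in the sample are the placeholder keys used in AWS documentation, not real credentials.

```python
import re

# Long-term IAM user access key IDs start with "AKIA"; temporary (role/STS)
# key IDs start with "ASIA". Both are 20 uppercase alphanumeric characters.
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# A secret access key is 40 characters from the base64 alphabet.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")


def redact(value):
    """Keep only the first four characters so findings are safe to log."""
    return value[:4] + "*" * (len(value) - 4)


def scan_source(text):
    """Return findings as (line_number, kind, redacted_value) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_ID_RE.finditer(line):
            kind = ("long-term-key-id" if match.group(1) == "AKIA"
                    else "temporary-key-id")
            findings.append((lineno, kind, redact(match.group(0))))
        for match in SECRET_RE.finditer(line):
            findings.append((lineno, "possible-secret-key", redact(match.group(0))))
    return findings


# Constructed sample input (option C's pattern next to option B's). The key
# values are the AWS documentation placeholders, not real credentials.
SAMPLE_SOURCE = '''\
import boto3
# TODO remove before release
# key id: AKIAIOSFODNN7EXAMPLE
# secret: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
s3 = boto3.client("s3")  # no keys passed: the SDK can use the instance role
'''

if __name__ == "__main__":
    for lineno, kind, value in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {value}")
```

The 40-character secret pattern is a heuristic and will also match other base64-like strings of that length, so treat those findings as candidates for review.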

30 Comments on “Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combin

  1. JM says:

    B
    Use roles for applications that run on Amazon EC2 instances

    Applications that run on an Amazon EC2 instance need credentials in order to access other AWS services. To provide credentials to the application in a secure way, use IAM roles. A role is an entity that has its own set of permissions, but that isn’t a user or group. Roles also don’t have their own permanent set of credentials the way IAM users do. In the case of Amazon EC2, IAM dynamically provides temporary credentials to the EC2 instance, and these credentials are automatically rotated for you.

    Source: http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-roles-with-ec2




      1. Sam James says:

        Networkmanagers can’t pass the exam even after 100 years.
        Forget it, the technology will not exist even, either way.




  2. SoftwareEngineer says:

    B is correct. Using API & Secret Keys is a pain and Keys demand periodic rotation for Security Best Practice reasons. AWS introduced IAM Roles for the very same purpose, because IAM Roles allow keyless operations.




    1. mutiger91 says:

      Even if it did exist:

      1) You can now assign roles to existing instances
      2) If you couldn’t, making an AMI of the current config and relaunching with the role is just a scheduled change.




  3. umesh says:

    Guess it's A because he says Access key/secret access key are not compromised… and option B has no need for it, meaning we don't use Access Key/Secret Access at all…




  4. swagata mondal says:

    Even I thought A, but it's B, as AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised.
    A is about user ID and password with MFA.




  5. krish says:

    A should be the answer, if the question is changed slightly

    Original question
    “A company is building software on AWS that requires access to various AWS services. Which configuration
    should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not
    compromised?”
    Changed/updated
    “A company is building software on AWS that requires access to various AWS services. Which configuration
    should be used to ensure root AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not
    compromised?”




  6. ab star says:

    B
    – Company is building software on AWS – i.e., involvement of EC2, which is better off with ‘Roles’
    – various services: roles can be used for various services, which is much more secure
    – Enable MFA on your AWS root account (keyword here is root account; how about use of AWS services without root account? It is not ideal to use root account to integrate with other services).




  7. PM says:

    I believe A is the correct answer, since it never asks for any EC2 instance yet. The software build can be installed as an app, which can be on Elastic Beanstalk as well. So, ideally we can't say for sure whether it uses EC2 or Elastic Beanstalk, so the more accurate answer looks like A only.



