PrepAway - Latest Free Exam Questions & Answers

Which of the following strategies will help prevent a s…

Your system recently experienced downtime during the troubleshooting process. You found that a new
administrator mistakenly terminated several production EC2 instances. Which of the following strategies will
help prevent a similar situation in the future? The administrator still must be able to:
– launch, start, stop, and terminate development resources.
– launch and start production instances.

A.
Create an IAM user, which is not allowed to terminate instances by leveraging production EC2 termination
protection.

B.
Leverage resource-based tagging along with an IAM user, which can prevent specific users from
terminating production EC2 resources.

C.
Leverage EC2 termination protection and multi-factor authentication, which together require users to
authenticate before terminating EC2 instances.

D.
Create an IAM user and apply an IAM role which prevents users from terminating production EC2 instances.

Explanation:
https://aws.amazon.com/blogs/security/resource-level-permissions-for-ec2-controlling-management-access-onspecific-instances/
*August 2016 Update* One way to work around this is to use a combination of an Amazon CloudWatch Events
rule and AWS Lambda to tag newly created instances.

6 Comments on “Which of the following strategies will help prevent a s…

  1. joy says:

    B, because you can tag your instances and write a policy (attach it to the user) to restrict users from terminating instances that they do not own.




    1



    0
  2. Mahendrakumar Ranvir says:

    A. Create an IAM user, which is not allowed to terminate instances by leveraging production EC2 termination protection. (Wrong because EC2 termination protection is enabled on the EC2 instance)
    B. Leverage resource based tagging along with an IAM user, which can prevent specific users from terminating production EC2 resources. (Right because you identify production resources using tags and add an explicit deny)
    C. Leverage EC2 termination protection and multi-factor authentication, which together require users to authenticate before terminating EC2 instances. (Wrong because it still does not prevent the user from terminating the instance)
    D. Create an IAM user and apply an IAM role, which prevents users from terminating production EC2 instances. (Wrong because a role is not applied to a user but assumed by the user; you also need a way to identify production EC2 instances)




    2



    0
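
The tag-based restriction that answer B and the comments above describe, written out as an added example (not part of the original page or of AWS documentation): an identity policy for the administrator plus a deliberately simplified evaluator that shows which requests it permits. The tag key `Environment`, its values `production` and `development`, and the helper names are assumptions; the evaluator models only explicit deny, allow and implicit deny with `StringEquals` on instance tags, and ignores `Resource` matching.

```python
import json

# Assumed tagging scheme: every instance carries Environment=production|development.
INSTANCES = "arn:aws:ec2:*:*:instance/*"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LaunchAndStartAnywhere", "Effect": "Allow",
         "Action": ["ec2:RunInstances", "ec2:StartInstances"], "Resource": "*"},
        {"Sid": "StopTerminateDevOnly", "Effect": "Allow",
         "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
         "Resource": INSTANCES,
         "Condition": {"StringEquals":
                       {"ec2:ResourceTag/Environment": "development"}}},
        {"Sid": "NeverTerminateProduction", "Effect": "Deny",
         "Action": "ec2:TerminateInstances", "Resource": INSTANCES,
         "Condition": {"StringEquals":
                       {"ec2:ResourceTag/Environment": "production"}}},
    ],
}

def _matches(stmt, action, tags):
    """True if the statement covers this action and its tag conditions hold."""
    actions = stmt["Action"]
    if isinstance(actions, str):
        actions = [actions]
    if action not in actions:
        return False
    conditions = stmt.get("Condition", {}).get("StringEquals", {})
    for key, wanted in conditions.items():
        tag_key = key.split("/", 1)[1]   # "ec2:ResourceTag/Environment" -> "Environment"
        if tags.get(tag_key) != wanted:  # a missing tag never satisfies StringEquals
            return False
    return True

def decide(action, tags):
    """Simplified IAM evaluation order: explicit Deny, then Allow, else implicit deny."""
    effects = {s["Effect"] for s in POLICY["Statement"] if _matches(s, action, tags)}
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # the policy document to attach to the user
    for env in ("production", "development", None):
        tags = {"Environment": env} if env else {}  # constructed sample instances
        print(env, decide("ec2:TerminateInstances", tags))
```

An untagged instance matches neither tag condition, so terminating it falls through to an implicit deny; the control depends on production instances actually carrying the tag.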
