Premium

AWS Certified Developer - Associate Questions and Answers (Dumps and Practice Questions)



Question : You are creating multiple IAM users. What advice should be given to him to enhance the security?
: You are creating multiple IAM users. What advice should be given to him to enhance the security?
1. Grant least privileges to the individual user
2. Grant more privileges to the user, but least privileges to the group
1. Grant all higher privileges to the group
2. Grant less privileges for user, but higher privileges for the group

Correct Answer : Get Lastest Questions and Answer :
Explanation: It is a recommended rule that the root user should grant the least privileges to the IAM user or the group. The higher the privileges, the more problems it can create. Lock away your AWS account (root) access keys : You use an access key (an access key ID and secret access key) to make programmatic requests to AWS. However, do not use your AWS account (root) access key. The access key for your AWS account gives full access to all your resources for all AWS services, including your billing information. You cannot restrict the permissions associated with your AWS account access key.
Create individual IAM users : Don't use your AWS root account credentials to access AWS, and don't give your credentials to anyone else. Instead, create individual users for anyone who needs access to your AWS account. Create an IAM user for yourself as well, give that user administrative privileges, and use that IAM user for all your work.
Use groups to assign permissions to IAM users : Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.), define the relevant permissions for each group, and then assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to.
Grant least privilege : When you create IAM policies, follow the standard security advice of granting least privilege-that is, granting only the permissions required to perform a task. Determine what users need to do and then craft policies for them that let the users perform only those tasks.

It's more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenient and then trying to tighten them later. Defining the right set of permissions requires some research to determine what is required for the specific task, what actions a particular service supports, and what permissions are required in order to perform those actions.
Configure a strong password policy for your users : If you allow users to change their own passwords, require that they create strong passwords and that they rotate their passwords periodically. On the Account Settings page of the IAM console, you can create a password policy for your account. You can use the password policy to define password requirements, such as minimum length, whether it requires non-alphabetic characters, how frequently it must be rotated, and so on.
Enable MFA for privileged users : For extra security, enable multifactor authentication (MFA) for privileged IAM users (users who are allowed access to sensitive resources or APIs). With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP) and users must provide both their normal credentials (like their user name and password) and the OTP. The MFA device can either be a special piece of hardware, or it can be a virtual device (for example, it can run in an app on a smartphone).





Question : HadoopExam Learning Resources is trying to create a policy for an IAM user from the AWS console.
Which of the below mentioned options is not available to the user while configuring policy?
: HadoopExam Learning Resources is trying to create a policy for an IAM user from the AWS console.
1. Use custom policy to create policy
2. Use policy simulator to create policy
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Assign No permission

Correct Answer : Get Lastest Questions and Answer :

Explanation: If you allow users to change their own passwords, require that they create strong passwords and that they rotate their passwords periodically. On the Account Settings page of the IAM console, you can create a password policy for your account. You can use the password policy to define password requirements, such as minimum length, whether it requires non-alphabetic characters, how frequently it must be rotated, and so on. When a user is trying to create a policy from the AWS console, it will have options such as create policy from templates or use a policy generator. The user can also define a custom policy or chose the option to have no permission. The policy simulator is not available in the console.

Use policy conditions for extra security

To the extent that it's practical, define the conditions under which your IAM policies allow access to a resource. For example, you can write conditions to specify a range of allowable IP addresses that a request must come from, or you can specify that a request is allowed only within a specified date range or time range. You can also set conditions that require the use of SSL or MFA (multifactor authentication). For example, you can require that a user has authenticated with an MFA device in order to be allowed to terminate an Amazon EC2 instance.






Question : QuickTechie.com has enabled a strict password policy for its IAM users.
And is taking help from the IAM console to set the password policy.
Which of the below mentioned rules cannot be specified by the user as a part of the policy?

: QuickTechie.com has enabled a strict password policy for its IAM users.
1. Allow at least one non-alphanumeric character
2. Allow at least one number
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Do not allow the user to use the password from the last three passwords

Correct Answer : Get Lastest Questions and Answer :
Explanation: AWS IAM allows an organization to create multiple users and provide them access to various AWS services. By default when the user is created, he does not have password enabled and can not login to AWS console. If the organization wants to allow the users to login to AWS console, they can enable password for each user. It is required that IAM users follow certain guidelines to set their IAM login password. For this IAM provides root account owner to setup passwrod policy. The password policy also lets the specify whether all IAM users can change their own passwords. As part of policy, organization can specify that passwords for IAM users must be of a certain minimum length, must include certain characters, and a few more criteria such as below.
One upper / lower or both letters
One alpha numeric
One number
Setting an Account Password Policy for IAM Users

This topic describes how to set a password policy for your account that lets you specify complexity requirements and rotation periods for passwords for your IAM users. You can use a password policy to do these things:

Set a minimum password length.

Require specific character types, including uppercase letters, lowercase letters, numbers, and non-alphanumeric characters. Be sure to remind your users that passwords are case sensitive.
Allow all IAM users to change their own passwords.
Require IAM users to change their password after a specified period of time (enable password expiration).
Prevent IAM users from reusing previous passwords.
Force IAM users to contact an account administrator when the user has allowed his or her password to expire.

When you create or change a password policy, most of the password policy settings are enforced the next time your users change their passwords. When you set minimum length and character type requirements, they are enforced the next time your users change their passwords-users are not forced to change their existing passwords, even if the pre-existing passwords do not adhere to the updated password policy. When you set a password expiration period, the expiration period is enforced immediately. For example, when you set a password expiration period of 90 days, all IAM users with an existing password that is more than 90 days old are forced to change their password at next sign-in.





Related Questions

Question : How can you have complete separation of the physical hardware for the virtual machines from the other tenants in EC?
 : How can you have complete separation of the physical hardware for the virtual machines from the other tenants in EC?
1. Use single tenant option
2. Use enhanced EC2 instances
3. Access Mostly Uused Products by 50000+ Subscribers
4. Use dedicated instances


Question : You have launched an EC micro instance from the AWS Linux image and when you are trying to SSH the instance,
it gives a message "No supported Authentication Method" after the user enters the user ID ec2-user.
Which of the below mentioned options is a possible reason for the error?
 : You have launched an EC micro instance from the AWS Linux image and when you are trying to SSH the instance,
1. The instance is not configured for security
2. The instance default user name is wrong
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The user might not have attached the key-pair with the EC2 instance


Question : You have launched an EC instance and wants to launch a similar instance with the same AMI ID,
Instance Type and AZ with ease. What is the option provided by AWS?
 : You have launched an EC instance and wants to launch a similar instance with the same AMI ID,
1. Create the instance template and launch it
2. Use the option "Launch More like this" from the AWS console
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Use the option "Launch from template" from the AWS console


Question : An EBS volume was unable to detach from an instance. Thus, the user used the Force Detach option.
Which of the below mentioned options can happen after the volume has been Forcibly detached?
 : An EBS volume was unable to detach from an instance. Thus, the user used the Force Detach option.
1. AWS deletes the volume automatically since it will be in a corrupted state
2. The instance may not be able to flush the file system and may result in a corrupted file system of the volume
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS terminates the instance automatically since the file system is corrupted


Question : You have created an EBS volume of GB. The user takes the first snapshot of that volume. What will happen when the snapshot is taken?
 : You have created an EBS volume of GB. The user takes the first snapshot of that volume. What will happen when the snapshot is taken?
1. AWS will copy all the blocks from EBS and create a snapshot
2. The I/O on the volume will be frozen while a snapshot is being taken
 3. Access Mostly Uused Products by 50000+ Subscribers
4. AWS will create a snapshot of the modified content in the same AZ of the region


Question : You have attached an EBS volume created from an existing snapshot to a running instance. The volume is not mounted on the instance yet.
Now you takes a snapshot of the attached volume, what will happen?
 : You have attached an EBS volume created from an existing snapshot to a running instance. The volume is not mounted on the instance yet.
1. The new snapshot will only have the original volume content
2. The snapshot will succeed but it will have no data
 3. Access Mostly Uused Products by 50000+ Subscribers
4. The snapshot will succeed with all the modified data of the EBS volume