Question : A sysadmin has created the below mentioned policy on an S3 bucket named hadoopexam. The bucket has both AWS.jpg and index.html objects. What does this policy define?
"Statement": [{
  "Sid": "Stmt11111111111111",
  "Effect": "Allow",
  "Principal": { "AWS": "*" },
  "Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject" ],
  "Resource": [ "arn:aws:s3:::hadoopexam/*.jpg" ]
}]
1. It will make all the objects as well as the bucket public 2. It will throw an error for the wrong action and does not allow to save the policy 3. It will make the AWS.jpg object as public 4. It will make the AWS.jpg as well as the hadoopexam bucket as public
Correct Answer : 2
Explanation: A sysadmin can grant permission on S3 objects or buckets to any user, or make objects public, using a bucket policy or a user policy. Both use the JSON-based access policy language. Generally, if a user defines an ACL on the bucket, the objects in the bucket do not inherit it, and vice versa. A bucket policy is defined at the bucket level, so a single policy applied to that bucket can make the objects as well as the bucket public. In the policy below, the action list includes "s3:ListBucket" with effect Allow, and because no bucket is named as part of the resource (only the object pattern hadoopexam/*.jpg is listed), S3 throws an error and does not save the policy.
"Statement": [{
  "Sid": "Stmt11111111111111",
  "Effect": "Allow",
  "Principal": { "AWS": "*" },
  "Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject" ],
  "Resource": [ "arn:aws:s3:::hadoopexam/*.jpg" ]
}]
Granting Permissions to Multiple Accounts with Added Conditions
The following example policy grants the s3:PutObject and s3:PutObjectAcl permissions to multiple AWS accounts and requires that any request for these operations include the public-read canned ACL. For more information, see Specifying Permissions in a Policy and Specifying Conditions in a Policy.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AddCannedAcl",
    "Effect": "Allow",
    "Principal": { "AWS": ["arn:aws:iam::111122223333:root", "arn:aws:iam::444455556666:root"] },
    "Action": ["s3:PutObject", "s3:PutObjectAcl"],
    "Resource": ["arn:aws:s3:::examplebucket/*"],
    "Condition": { "StringEquals": { "s3:x-amz-acl": ["public-read"] } }
  }]
}
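The mismatch behind answer 2 (a bucket-level action such as s3:ListBucket paired with a resource list that holds only object ARNs) can be caught before a policy is submitted. The following is an added example, not part of the original page or of any AWS tool: the action sets are a small illustrative subset, and lint_statement, QUIZ_STMT and FIXED_STMT are hypothetical names. It also flags an unconditioned Allow for Principal "*", which still applies to the constructed variant.

```python
# Added example: lint one S3 bucket-policy statement for action/resource mismatches.
# The action sets are a small illustrative subset (assumption), not the full S3 action list.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketPolicy"}
OBJECT_ACTIONS = {"s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl"}


def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_object_arn(arn):
    """arn:aws:s3:::bucket/key is an object ARN; arn:aws:s3:::bucket is a bucket ARN."""
    return "/" in arn.split(":::", 1)[-1]


def lint_statement(stmt):
    """Return findings as (code, detail) tuples for one policy statement."""
    findings = []
    resources = as_list(stmt.get("Resource", []))
    has_bucket = any(not is_object_arn(r) for r in resources)
    has_object = any(is_object_arn(r) for r in resources)
    for action in as_list(stmt.get("Action", [])):
        if action in BUCKET_ACTIONS and not has_bucket:
            findings.append(("BUCKET_ACTION_WITHOUT_BUCKET_ARN", action))
        if action in OBJECT_ACTIONS and not has_object:
            findings.append(("OBJECT_ACTION_WITHOUT_OBJECT_ARN", action))
    principal = stmt.get("Principal")
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    if stmt.get("Effect") == "Allow" and "*" in as_list(aws) and "Condition" not in stmt:
        findings.append(("PUBLIC_ALLOW", "Principal * with no Condition"))
    return findings


# The statement from the question (closing quote on the ARN restored).
QUIZ_STMT = {
    "Sid": "Stmt11111111111111", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::hadoopexam/*.jpg"],
}
# Constructed variant: the bucket ARN is added so s3:ListBucket has a matching resource.
FIXED_STMT = dict(QUIZ_STMT, Resource=["arn:aws:s3:::hadoopexam", "arn:aws:s3:::hadoopexam/*.jpg"])

if __name__ == "__main__":
    for name, stmt in (("quiz", QUIZ_STMT), ("fixed", FIXED_STMT)):
        print(name, lint_statement(stmt))
```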
Question : A user has launched an EC2 instance and deployed a production application in it. The user wants to prohibit any mistakes from the production team to avoid accidental termination. How can the user achieve this? 1. The user can set the DisableApiTermination attribute to avoid accidental termination 2. It is not possible to avoid accidental termination 3. The user can set the Deletion termination flag to avoid accidental termination 4. The user can set the InstanceInitiatedShutdownBehavior flag to avoid accidental termination
Correct Answer : 1
Explanation: Enabling Termination Protection for an Instance
By default, you can terminate your instance using the Amazon EC2 console, command line interface, or API. If you want to prevent your instance from being accidentally terminated using Amazon EC2, you can enable termination protection for the instance. The DisableApiTermination attribute controls whether the instance can be terminated using the console, CLI, or API. By default, termination protection is disabled for your instance. You can set the value of this attribute when you launch the instance, while the instance is running, or while the instance is stopped (for Amazon EBS-backed instances).
The DisableApiTermination attribute does not prevent you from terminating an instance by initiating shutdown from the instance (using an operating system command for system shutdown) when the InstanceInitiatedShutdownBehavior attribute is set. For more information, see Changing the Instance Initiated Shutdown Behavior.
You can't prevent instances that are part of an Auto Scaling group from terminating using termination protection. However, you can specify which instances should terminate first. For more information, see Choosing a Termination Policy in the Auto Scaling Developer Guide. It is always possible that someone can terminate an EC2 instance using the Amazon EC2 console, command line interface or API by mistake. If the admin wants to prevent the instance from being accidentally terminated, he can enable termination protection for that instance. The DisableApiTermination attribute controls whether the instance can be terminated using the console, CLI or API. By default, termination protection is disabled for an EC2 instance. When it is set it will not allow the user to terminate the instance from CLI, API or the console.
Question : When an instance terminates, the data on any instance store volumes associated with that instance is _________ 1. Will not be deleted 2. remain for 48 Hrs 3. Will be deleted 4. remain for 24 Hrs
Correct Answer : 3
Explanation: After you terminate an instance, it remains visible in the console for a short while, and then the entry is deleted.
When an instance terminates, the data on any instance store volumes associated with that instance is deleted.
By default, any Amazon EBS volumes that you attach as you launch the instance are automatically deleted when the instance terminates. However, by default, any volumes that you attach to a running instance persist even after the instance terminates. This behavior is controlled by the volume's DeleteOnTermination attribute, which you can modify. For more information, see Preserving Amazon EBS Volumes on Instance Termination.
You can prevent an instance from being terminated accidentally by someone using the AWS Management Console, the CLI, and the API. This feature is available for both Amazon EC2 instance store-backed and Amazon EBS-backed instances. Each instance has a DisableApiTermination attribute with the default value of false (the instance can be terminated through Amazon EC2). You can modify this instance attribute while the instance is running or stopped (in the case of Amazon EBS-backed instances). For more information, see Enabling Termination Protection for an Instance.
You can control whether an instance should stop or terminate when shutdown is initiated from the instance using an operating system command for system shutdown. For more information, see Changing the Instance Initiated Shutdown Behavior.
If you run a script on instance termination, your instance might have an abnormal termination, because we have no way to ensure that shutdown scripts run. Amazon EC2 attempts to shut an instance down cleanly and run any system shutdown scripts; however, certain events (such as hardware failure) may prevent these system shutdown scripts from running.