Question : An organization Account ID . has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform? { "Version": "2012-10-17", "Statement": [{ "Sid": "AllowUsersAllActionsForCredentials", "Effect": "Allow", "Action": [ "iam:*LoginProfile", "iam:*AccessKey*", "iam:*SigningCertificate*" ], "Resource": ["arn:aws:iam:: 123412341234:user/${aws:username}"] }] }
1. The policy allows the IAM user to modify all IAM user's credentials using the console, SDK, CLI or APIs 2. The policy will give an invalid resource error 3. Access Mostly Uused Products by 50000+ Subscribers 4. The policy allows the user to modify all IAM user's password, sign in certificates and access keys using only CLI, SDK or APIs
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization Account ID 123412341234. wants some of their users to manage credentials access keys, password, and sing in certificates of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM user's using only CLI, SDK or APIs. The user cannot use the AWS console for this activity since he does not have list permission for the IAM users. { "Version": "2012-10-17", "Statement": [{ "Sid": "AllowUsersAllActionsForCredentials", "Effect": "Allow" "Action": [ "iam:*LoginProfile", "iam:*AccessKey*", "iam:*SigningCertificate*" ], "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"] }] }
Question : . A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and when it is not, to help the admin understand the implementation of the sticky session:
1. ELB inserts the cookie in the response 2. ELB chooses the instance based on the load balancing algorithm 3. Access Mostly Uused Products by 50000+ Subscribers 4. The cookie is found in the request 5. The cookie is not found in the request
1. 3,1,4,2 [Cookie is not Present] & 3,1,5,2 [Cookie is Present] 2. 3,4,1,2 [Cookie is not Present] & 3,5,1,2 [Cookie is Present] 3. Access Mostly Uused Products by 50000+ Subscribers 4. 3,2,5,4 [Cookie is not Present] & 3,2,4,5 [Cookie is Present]
Explanation: Generally AWS ELB routes each request to a zone with the minimum load. The Elastic Load Balancer provides a feature called sticky session which binds the user's session with a specific EC2 instance. The load balancer uses a special load-balancer-generated cookie to track the application instance for each request. When the load balancer receives a request, it first checks to see if this cookie is present in the request. If so, the request is sent to the application instance specified in the cookie. If there is no cookie, the load balancer chooses an application instance based on the existing load balancing algorithm. A cookie is inserted into the response for binding subsequent requests from the same user to that application instance.
Question :
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?
Correct Answer : Get Lastest Questions and Answer : Elastic Load Balancing uses a Secure Socket Layer : SSL negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. Elastic Load Balancing supports the following versions of the SSL protocol: TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 SSL 2.0
1. Consolidate your accounts so you have a single bill for all accounts and projects 2. Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account 3. Access Mostly Uused Products by 50000+ Subscribers occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project. 4. Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend