Question : The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?
Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the CFO wants to allow only AWS usage report page access, the policy for that IAM user will be as given below: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewUsage" ], "Resource": "*" } ] }
Question : An organization has created IAM users. The organization wants each of the IAM users to have access to a separate DyanmoDB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?
1. Define the group policy and add a condition which allows the access based on the IAM name 2. Create a DynamoDB table with the same name as the IAM user name and define the policy rule which grants access based on the DynamoDB ARN using a variable 3. Access Mostly Uused Products by 50000+ Subscribers 4. It is not possible to have a group level policy which allows different IAM users to different DynamoDB Tables
Explanation:AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. AWS DynamoDB has only tables and the organization cannot makeseparate databases. The organization should create a table with the same name as the IAM user name and use the ARN of DynamoDB as part of the group policy. The sample policy is shown below: { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["dynamodb:*"], "Resource": "arn:aws:dynamodb:region:account-number-without-hyphens:table/${aws:username}" } ] }
Question : A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?
1. By default ELB will select the first version of the security policy 2. By default ELB will select the latest version of the policy 3. Access Mostly Uused Products by 50000+ Subscribers 4. It is not required to have a security policy since SSL is already installed
Correct Answer : Get Lastest Questions and Answer : Elastic Load Balancing uses a Secure Socket Layer SSL negotiation configuration which is known as a Security Policy. It is used to negotiate the SSL connections between a client and the load balancer. If the user has created an HTTPS/SSL listener without associating any security policy, Elastic Load Balancing will, bydefault, associate the latest version of the ELBSecurityPolicy-YYYY-MM with the load balancer.