Question : A user is trying to connect to a running EC instance using SSH. However, the user gets an Unprotected Private Key File error. Which of the below mentioned options can be a possible reason for rejection?
Explanation: While doing SSH to an EC2 instance, if you get an Unprotected Private Key File error it means that the private key file's permissions on your computer are too open. Ideally the private key should have the Unix permission of 0400. To fix that, run the command: chmod 0400 /path/to/private.key
Question : A user has provisioned IOPS to the EBS volume. The application hosted on that EBS is experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the IOPS of the volume? 1. The application does not have enough IO for the volume 2. The instance is EBS optimized 3. Access Mostly Uused Products by 50000+ Subscribers 4. The volume size is too large
Explanation: When the application does not experience the expected IOPS or throughput of the PIOPS EBS volume that was provisioned, the possible root cause could be that the EC2 bandwidth is the limiting factor and the instance might not be either EBS-optimized or might not have 10 Gigabit network connectivity. Another possible cause for not experiencing the expected IOPS could also be that the user is not driving enough I/O to the EBS volumes. The size of the volume may not affect IOPS.
Question : A storage admin wants to encrypt all the objects stored in S using server side encryption. The user does not want to use the AES encryption key provided by S3. How can the user achieve this? 1. The admin should upload his secret key to the AWS console and let S3 decrypt the objects 2. The admin should use CLI or API to upload the encryption key to the S3 bucket. When making a call to the S3 API mention the encryption key URL in each request 3. Access Mostly Uused Products by 50000+ Subscribers 4. The admin should send the keys and encryption algorithm with each API call
Explanation: AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API callto supply his own encryption key. Amazon S3 never stores the user's encryption key. The user has to supply it for each encryption or decryption call.