Topic 1 Question 103
2 つ選択A SysOps administrator needs to control access to groups of Amazon EC2 instances using AWS Systems Manager Session Manager. Specific tags on the EC2 instances have already been added. Which additional actions should the administrator take to control access?
Attach an IAM policy to the users or groups that require access to the EC2 instances.
Attach an IAM role to control access to the EC2 instances.
Create a placement group for the EC2 instances and add a specific tag.
Create a service account and attach it to the EC2 instances that need to be controlled.
Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: AE
A. Attach an IAM policy to the users or groups that require access to the EC2 instances: IAM policies can be used to control access to resources in AWS. The policy can specify which actions are allowed or denied and which resources the user or group can access. In this case, the policy should include permissions to use the Session Manager service.
E. Create an IAM policy that grants access to any EC2 instances with a tag specified in the Condition element: This policy can specify that access is granted only to instances with specific tags. For example, a policy could specify that users or groups can only access instances that have a specific tag, such as "Environment=Prod". This helps to ensure that only the appropriate instances are accessed.
👍 4Vivec2023/03/09 - 正解だと思う選択肢: AE
B does not make sense because the Admin is granting access via session manager. Since IAM Users or Groups are more likely to use session manager than an AWS service or federated identity would be, A makes more sense than B.
👍 3Bonzai902102022/09/15 - 正解だと思う選択肢: BE
A and E are the same, attach or update policies, both actions are the same
👍 3zolthar_z2022/12/19
シャッフルモード