Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?

Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2
instances?

Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2
instances?

A.
Security Groups

B.
IAM System

C.
SSH keys

D.
Windows passwords



Leave a Reply 25

Your email address will not be published. Required fields are marked *


Tahir

Tahir

it is very confusing now the link given says EC2 can control the access to EC2, pls confirm which will be the correct answer.

Tahir

Tahir

it is very confusing now the link given says IAM can control the access to EC2, pls confirm which will be the correct answer.

kay

kay

B is correct.

You can use IAM to control how other users use resources in your “AWS account”

RC

RC

IAM is used to control the access on AWS resources for IAM/Account users. It does NOT handle the access control on any type of instances (DB or compute on any other)

Khaled

Khaled

A.
Security Groups

is the correct answer, security Groups defined what can be access (services) not Who

B. IAM System (where you can create all users and role) so it is about who and what

C. SSH keys is is Who

D. Windows passwords this is also Who.

Indian

Indian

madhar chod

ssul

ssul

B: is the correct answer.

as IAM only use to get internal resource instead of new build infr e.g. (EC2)

Magwif

Magwif

I am with Khaled on this one the question asks WHO can access EC2 instances

Security group is a firewall that controls traffic not users

this link has already been posted but here it is again
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingIAM.html

A security group acts as a firewall that controls the traffic allowed to reach one or more instances. When you launch an instance, you assign it one or more security groups. You add rules to each security group that control traffic for the instance. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances to which the security group is assigned.

Answer: A

Duck bro

Duck bro

B
By using IAM with Amazon EC2, you can control whether users in your organization can perform a task using specific Amazon EC2 API actions and whether they can use specific AWS resources.
IAM allows to control only what actions a user can perform on the EC2 resources but cannot be used to grant access for users to be able to access or login to the instances

Duck Bro

Duck Bro

B
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.

Raja

Raja

Thanks for sharing link and it’s clear B is the answer

Amit

Amit

B is correct, Your EC2 instance can be accessed by anyone who doesn’t even have any user in AWS but has the Private Key.

IAM system is required to offer privilidges of the console , API or CLI on what you can do with AWS services itself.

Tsao

Tsao

A is correct. Surprised so many of you picked B

Zane

Zane

A is the correct answer. A security group secures an instance at the port and protocol level. Security groups don’t have the ability to secure against specific people, only specific ports and protocols.

humphrey

humphrey

All SAA questions are extracted from AWS whitepaper. It’s very clear that B is the answer.

http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.

Ganesh Ghube

Ganesh Ghube

A.
Security Groups

Halloween

Halloween

I understand why people pick B, because of what is written in the “IAM_UseCases” link.

But I want to know why they say that Security Groups can be used to control “who” has access to the operating system.

A Security Group can only control “from what IP address” they can have access to the instance.

Jose

Jose

You don’t need IAM permission to access a EC2 (Windows or Linux).

Any user with IP / guest credentials can access this EC2 guest resource.

dan52048

dan52048

Still a bit of confused, as I will go with B in the real exam.

Raka

Raka

Question targets the options which cannot control access to EC2 instances.
IAM system is only to control who can access the EC2 service for commissioning.
It cannot control who can login to the EC2 instance, which is control by
Security groups – can define who can access to the system. Entries missing are implicit deny.
SSH keys – to be able to login to the Instance
Windows Password – for windows instances as it needs a password

Source: http://jayendrapatil.com/aws-ec2-security/