Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2
instances?
A.
Security Groups
B.
IAM System
C.
SSH keys
D.
Windows passwords
Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?
Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2
instances?
D is the correct answer.
Windows passwords by their very nature restrict access to Windows based EC2 instances. the answer is B.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingIAM.html
B
it is very confusing now the link given says EC2 can control the access to EC2, pls confirm which will be the correct answer.
it is very confusing now the link given says IAM can control the access to EC2, pls confirm which will be the correct answer.
B is correct.
You can use IAM to control how other users use resources in your “AWS account”
IAM is used to control the access on AWS resources for IAM/Account users. It does NOT handle the access control on any type of instances (DB or compute on any other)
A.
Security Groups
is the correct answer, security Groups defined what can be access (services) not Who
B. IAM System (where you can create all users and role) so it is about who and what
C. SSH keys is is Who
D. Windows passwords this is also Who.
correct
madhar chod
B: is the correct answer.
as IAM only use to get internal resource instead of new build infr e.g. (EC2)
I am with Khaled on this one the question asks WHO can access EC2 instances
Security group is a firewall that controls traffic not users
this link has already been posted but here it is again
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingIAM.html
A security group acts as a firewall that controls the traffic allowed to reach one or more instances. When you launch an instance, you assign it one or more security groups. You add rules to each security group that control traffic for the instance. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances to which the security group is assigned.
Answer: A
B
By using IAM with Amazon EC2, you can control whether users in your organization can perform a task using specific Amazon EC2 API actions and whether they can use specific AWS resources.
IAM allows to control only what actions a user can perform on the EC2 resources but cannot be used to grant access for users to be able to access or login to the instances
B
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
Thanks for sharing link and it’s clear B is the answer
B is correct, Your EC2 instance can be accessed by anyone who doesn’t even have any user in AWS but has the Private Key.
IAM system is required to offer privilidges of the console , API or CLI on what you can do with AWS services itself.
A is correct. Surprised so many of you picked B
A is the correct answer. A security group secures an instance at the port and protocol level. Security groups don’t have the ability to secure against specific people, only specific ports and protocols.
All SAA questions are extracted from AWS whitepaper. It’s very clear that B is the answer.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
A.
Security Groups
I understand why people pick B, because of what is written in the “IAM_UseCases” link.
But I want to know why they say that Security Groups can be used to control “who” has access to the operating system.
A Security Group can only control “from what IP address” they can have access to the instance.
You don’t need IAM permission to access a EC2 (Windows or Linux).
Any user with IP / guest credentials can access this EC2 guest resource.
Exactly
Still a bit of confused, as I will go with B in the real exam.
Question targets the options which cannot control access to EC2 instances.
IAM system is only to control who can access the EC2 service for commissioning.
It cannot control who can login to the EC2 instance, which is control by
Security groups – can define who can access to the system. Entries missing are implicit deny.
SSH keys – to be able to login to the Instance
Windows Password – for windows instances as it needs a password
Source: http://jayendrapatil.com/aws-ec2-security/