When assessing an organization s use of AWS API access credentials which of the following three
credentials should be evaluated?
Choose 3 answers
A.
Key pairs
B.
Console passwords
C.
Access keys
D.
Signing certificates
E.
Security Group memberships
Explanation:
http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf
A,C and D
BC and D
Surely ABC? You dont belong to an SG in AWS, and wtf is a signing certificate in the context of AWS?
acd
BCD, “key pairs” is too broad and “security group memberships” doesnt even exist.
bCD
BCD
From http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf page 8:
How will your administrators, systems, or applications authenticate their AWS infrastructure requests to
AWS APIs?
AWS provides a number of authentication mechanisms including a console, account IDs and secret
keys, X.509 certificates, and MFA devices to control access to AWS APIs. Console authentication is
the most appropriate for administrative or manual activities, account IDs and secret keys for
accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools.
Your organization should consider the circumstances under which it will leverage access keys, x.509
certificates, console passwords, or MFA devices
Ans: A, C, D (1.58)
BCD the answer as
A: wrong becaus the Key-pair used to access the AWS resources not the used as credentials like Access keys “PEM”
E: wrong because the security groups are not kind of a credentials it is used by the EC2 to allow or deny traffic type