When assessing an organization s use of AWS API access credentials which of the following three credentials
should be evaluated?
Choose 3 answers
A.
Key pairs
B.
Console passwords
C.
Access keys
D.
Signing certificates
E.
Security Group memberships
Explanation:
http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf
BCD. Key pairs are not used in API access.
I agree with Blahidos. Answer from the the linked doc:
How will your administrators, systems, or applications authenticate their AWS infrastructure requests to AWS APIs? AWS provides a number of authentication mechanisms including a console, account IDs and secret keys, X.509 certificates
, and MFA devices to control access to AWS APIs. Console authentication is the most appropriate for administrative or manual activities, account IDs and secret keys for accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools. Your organization should consider the circumstances under which it will leverage access keys, x.509
certificates, console passwords, or MFA devices.
http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
BCD
Aren’t key pairs used to logon to your instances? That’s how I logon to Linux boxes. Once access is gained, you can execute AWS API commands from your Linux console. So I would believe A would be correct.
B refers to the Amazon web console, right? Which I wouldn’t count as API access. That’s GUI access.
I go with BCD . Please refer below link
http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf
An effective strategy would include the consideration of when your organization will use, and
how it will manage, AWS Identity and Access Management (IAM) users, symmetric access keys, asymmetric X.509
certificates, console passwords, and hardware or virtual multifactor authentication (MFA) devices
That means BCD
ACD
acd
ACD
Below description quoted by some guys above is a general statement which clearly says Console Authentication is most appropriate for admin or manual activities. They listing it under API doesnt mean they saying to use it, rather they are adding considerations.
http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf
Console authentication is the most appropriate for administrative or manual activities, account IDs and secret keys for accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools.
Your organization should consider the circumstances under which it will leverage access keys, x.509 certificates, console passwords, or MFA devices
ACD for this reason: Console authentication is the most appropriate for administrative or manual activities(not API)
BCD
“AWS provides a number of authentication mechanisms including a console, account IDs and secret
keys, X.509 certificates, and MFA devices to control access to AWS APIs. Console authentication is the most appropriate for administrative or manual activities, account IDs and secret keys for accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools.
Your organization should consider the circumstances under which it will leverage access keys, x.509certificates, console passwords, or MFA devices.”
BCD
So BCD