Exam AWS Certified SysOps Administrator - Associate topic 1 question 291 discussion

An Amazon EC2 instance is running an application that uses Amazon Simple Queue Service (Amazon SQS) queues. A SysOps administrator must ensure that the application can read, write, and delete messages from the SQS queues.

Which solution will meet these requirements in the MOST secure manner?

  • A. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Embed the IAM user's credentials in the application's configuration.
  • B. Create an IAM user with an IAM policy that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues. Export the IAM user's access key and secret access key as environment variables on the EC2 instance.
  • C. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows sqs:* permissions to the appropriate queues.
  • D. Create and associate an IAM role that allows EC2 instances to call AWS services. Attach an IAM policy to the role that allows the sqs:SendMessage permission, the sqs:ReceiveMessage permission, and the sqs:DeleteMessage permission to the appropriate queues.
Suggested Answer: D

Comments

kondratyevmn
Highly Voted 1 year, 5 months ago
Selected Answer: D
1. IAM users aren't recommended for use. Out. 2. Considering the "least privilege" approach, option D is a better fit.
upvoted 7 times
jipark
1 year, 2 months ago
correct !!
upvoted 1 times
gonaldo24
Most Recent 1 year, 3 months ago
Wrong. It's C.
upvoted 1 times
[Removed]
1 year, 3 months ago
Why C? Because CHAT AI answered you? https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
upvoted 2 times
[Removed]
1 year, 3 months ago
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-api-permissions-reference.html
upvoted 1 times
tgv
6 months, 2 weeks ago
FYI, 99.9% of the time you are not supposed to use the wildcard on any policy (service:*). You are always supposed to use least privilege access, meaning you only need to declare the actions you need.
upvoted 2 times
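
An added example, not part of the thread or of AWS's own code: a small audit that compares the role policies from options C and D against the three actions the application needs. The queue ARN, the helper names, and the partial action list are assumptions made for illustration.

```python
import re

# The three actions the application in the question needs.
REQUIRED = {"sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"}

# Partial list of SQS actions, enough to show what a wildcard adds.
KNOWN_SQS_ACTIONS = REQUIRED | {
    "sqs:DeleteQueue", "sqs:PurgeQueue", "sqs:SetQueueAttributes",
    "sqs:AddPermission", "sqs:RemovePermission", "sqs:CreateQueue",
}

# Constructed placeholder ARN (assumption); substitute the real queue ARN.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"


def policy(actions):
    """Build a one-statement identity policy to attach to the instance role."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": QUEUE_ARN}]}


def iam_match(pattern, action):
    """IAM action patterns: '*' and '?' are wildcards, matching is case-insensitive."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def granted_actions(doc):
    """Expand Allow statements against KNOWN_SQS_ACTIONS.
    Simplification: Deny, NotAction, Resource and Condition are not evaluated."""
    statements = doc["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    granted = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        patterns = stmt.get("Action", [])
        patterns = [patterns] if isinstance(patterns, str) else patterns
        granted |= {a for a in KNOWN_SQS_ACTIONS if any(iam_match(p, a) for p in patterns)}
    return granted


def audit(doc):
    """Report required actions not granted and granted actions not required."""
    granted = granted_actions(doc)
    return {"missing": sorted(REQUIRED - granted), "excess": sorted(granted - REQUIRED)}


OPTION_C = policy("sqs:*")            # wildcard policy from option C
OPTION_D = policy(sorted(REQUIRED))   # three named actions from option D
```

Calling `audit(OPTION_C)` lists queue-management actions such as `sqs:DeleteQueue` and `sqs:PurgeQueue` under `excess`, while `audit(OPTION_D)` returns empty lists for both keys.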