Exam AWS Certified Solutions Architect - Professional topic 1 question 86 discussion

Answer is B Keyword is "launch and start production instances" => C does not stop him to do terminate

B http://jayendrapatil.com/tag/tags/

B. Leverage resource based tagging, along with an IAM user which can prevent specific users from terminating production, EC2 resources.

B is right and C is wrong. C just complicates the stopping procedure and can NOT prevent admin from stopping them.

obviously terminate production instance should be denied.

Well this is so poorly worded that one can only guess: A) "not allowed ... by leveraging termination protection". Termination protection is not user specific. B) So you have an IAM user that prevents "specific users": so an I am user is patrolling and as soon as one of the "specific users" tries to terminate an instance this hero steps in preventing the damage ... C) Multifactor requires to authenticate: yes, and with a second device. It does not prevent termination but at least its not completely ridiculous. D) It says apply an role to a user ... nonesense? Yes C its bad as it gets. Who would do it that way? But C is only bad and not complete nonsense .

A. Wrong. EC2 termination protection prevents anyone to perform the termination unless the protection is disabled. B. Doable but too much work that C C. This is the answer. Instance termination protection is the easiest and simplest way to go. I use Terraform to bring up and manage AWS resources with the default setting to protect resources, not just EC2, from being terminated by mistake with a default variable file and another specific variable file for unsetting the protection during the development phase or using the command line variables (or even manually) disable the protection before performing any change after the development phase. D. Misunderstand IAM user, role, and policy

CCCCCC

thought it was D. not B.

key word "launch and start production instances." -> terminate production should be prohibited

C. https://aws.amazon.com/premiumsupport/knowledge-center/accidental-termination/

B. because it allows u separate dev and prod instances and utilize IAM to disable the prod termination access

b lets you separate dev and prod

A B and D assume that you will login as this user that has been created, what if he is not logged in as that user? Therefore only possible answer is C

CCCCCC

Correct answer is C. Ignore everyone sayings it's B...IT'S NOT B. The requirement states that he still needs to be able to delete resources after the fix is implemented. This question was made for termination protection and MFA just adds onto it.

Pretty sure its C . He still has to be able to terminate them, just not y accident. Yes MFA won't help here, but termination protection does.