ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 245 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 245
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company deploys an application on on-premises devices in the company’s on-premises data center. The company uses an AWS Direct Connect connection between the data center and the company's AWS account. During initial setup of the on-premises devices and during application updates, the application needs to retrieve configuration files from an Amazon Elastic File System (Amazon EFS) file system.

All traffic from the on-premises devices to Amazon EFS must remain private and encrypted. The on-premises devices must follow the principle of least privilege for AWS access. The company's DevOps team needs the ability to revoke access from a single device without affecting the access of the other devices.

Which combination of steps will meet these requirements? (Choose two.)

  • A. Create an IAM user that has an access key and a secret key for each device. Attach the AmazonElasticFileSystemFullAccess policy to all IAM users. Configure the AWS CLI on the on-premises devices to use the IAM user's access key and secret key.
  • B. Generate certificates for each on-premises device in AWS Private Certificate Authority. Create a trust anchor in IAM Roles Anywhere that references an AWS Private CA. Create an IAM role that trust IAM Roles Anywhere. Attach the AmazonElasticFileSystemClientReadWriteAccess to the role. Create an IAM Roles Anywhere profile for the IAM role. Configure the AWS CLI on the on-premises devices to use the aws_signing_helper command to obtain credentials.
  • C. Create an IAM user that has an access key and a secret key for all devices. Attach the AmazonElasticFileSystemClientReadWriteAccess policy to the IAM user. Configure the AWS CLI on the on-premises devices to use the IAM user's access key and secret key.
  • D. Use the amazon-efs-utils package to mount the EFS file system.
  • E. Use the native Linux NFS client to mount the EFS file system.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by KaranNishad at June 29, 2024, 2:49 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
getadroit
Highly Voted 10 months ago
BD: https://aws.amazon.com/blogs/aws/amazon-efs-update-on-premises-access-via-direct-connect-vpc/
upvoted 5 times
...
KaranNishad
Highly Voted 10 months, 1 week ago
Selected Answer: BD
B. Generate certificates for each on-premises device in AWS Private Certificate Authority. Create a trust anchor in IAM Roles Anywhere that references an AWS Private CA. Create an IAM role that trusts IAM Roles Anywhere. Attach the AmazonElasticFileSystemClientReadWriteAccess policy to the role. Create an IAM Roles Anywhere profile for the IAM role. Configure the AWS CLI on the on-premises devices to use the aws_signing_helper command to obtain credentials. D. Use the amazon-efs-utils package to mount the EFS file system.
upvoted 5 times
...
tgv
Most Recent 9 months, 2 weeks ago
Selected Answer: BD
---> B D
upvoted 2 times
...
trungtd
9 months, 3 weeks ago
Selected Answer: BD
A. Creating individual IAM users with full access does not follow the principle of least privilege => Wrong C. Using a single IAM user for all devices does not allow the ability to revoke access from a single device without affecting others => Wrong E. Technically feasible, but it does not inherently provide encryption in transit
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago