Exam AWS Certified Database - Specialty topic 1 question 71 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 71
Topic #: 1

A company is running a two-tier ecommerce application in one AWS account. The web server is deployed using an Amazon RDS for MySQL Multi-AZ DB instance. A Developer mistakenly deleted the database in the production environment. The database has been restored, but this resulted in hours of downtime and lost revenue.
Which combination of changes in existing IAM policies should a Database Specialist make to prevent an error like this from happening in the future? (Choose three.)

  • A. Grant least privilege to groups, users, and roles
  • B. Allow all users to restore a database from a backup that will reduce the overall downtime to restore the database
  • C. Enable multi-factor authentication for sensitive operations to access sensitive resources and API operations
  • D. Use policy conditions to restrict access to selective IP addresses
  • E. Use AccessList Controls policy type to restrict users for database instance deletion
  • F. Enable AWS CloudTrail logging and Enhanced Monitoring
Suggested Answer: ACD 🗳️
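
As an added example (not part of the original question or of any AWS-published policy), the identity-based policy below shows how options C and D can be expressed as policy conditions on the delete action. The instance ARN is the one used in the documentation excerpt quoted in the comments; the CIDR `203.0.113.0/24` is a constructed placeholder for an administrative network, and the `Sid` values are made up for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDeleteWithoutMfa",
      "Effect": "Deny",
      "Action": "rds:DeleteDBInstance",
      "Resource": "arn:aws:rds:us-west-2:123456789012:db:my-mysql-instance",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    },
    {
      "Sid": "DenyDeleteOutsideExampleCidr",
      "Effect": "Deny",
      "Action": "rds:DeleteDBInstance",
      "Resource": "arn:aws:rds:us-west-2:123456789012:db:my-mysql-instance",
      "Condition": {
        "NotIpAddress": { "aws:SourceIp": "203.0.113.0/24" }
      }
    }
  ]
}
```

An explicit Deny overrides any Allow, so option A still applies separately: the Allow for `rds:DeleteDBInstance` should be granted only to the administrators who need it. `BoolIfExists` also denies requests signed with long-term access keys, which carry no MFA context at all.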

Comments

chicagomassageseeker
Highly Voted 3 years, 7 months ago
ACD are right
upvoted 14 times
bipin_john
1 year, 1 month ago
Correct answer
upvoted 1 times
...
...
novice_expert
Highly Voted 3 years ago
Selected Answer: ACD
A. Least privileges C. Multi factor D. restrict access
upvoted 5 times
...
MultiAZ
Most Recent 1 year, 4 months ago
Selected Answer: ACE
I go for ACE. IP address is not a reliable decision tool.
upvoted 1 times
...
Pranava_GCP
1 year, 8 months ago
Selected Answer: ACD
A. Grant least privilege to groups, users, and roles
C. Enable multi-factor authentication for sensitive operations to access sensitive resources and API operations
D. Use policy conditions to restrict access to selective IP addresses
upvoted 1 times
...
jiyakurani
1 year, 10 months ago
ACD are correct options
upvoted 1 times
...
teo2157
2 years, 2 months ago
Selected Answer: ACD
There's no AccessList Controls for RDS, so based on that goes for ACD
upvoted 2 times
...
ninjalight25
2 years, 2 months ago
Selected Answer: ACD
the correct options are A, C, and D.
upvoted 1 times
...
lollyj
2 years, 5 months ago
Selected Answer: ACE
Can someone explain why E isn't plausible? I didn't choose D because sometimes developers need access to Prod environments and restricting their IPs doesn't mean they can't utilize another IP to do the same damage.
upvoted 3 times
Mintwater
2 years, 1 month ago
E -- Access Control List -- not for RDS, IAM. IAM has policies to manage the privileges, but no list
upvoted 1 times
...
...
khun
2 years, 5 months ago
Selected Answer: ACE
ACE.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "rds:DeleteDBInstance"
          ],
          "Resource": [
            "arn:aws:rds:::db:"
          ],
          "Effect": "Deny"
        }
      ]
    }

upvoted 4 times
...
db2luwdba
2 years, 10 months ago
Prevent a user from deleting a DB instance

The following permissions policy grants permissions to prevent a user from deleting a specific DB instance. For example, you might want to deny the ability to delete your production DB instances to any user that is not an administrator.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "DenyDelete1",
          "Effect": "Deny",
          "Action": "rds:DeleteDBInstance",
          "Resource": "arn:aws:rds:us-west-2:123456789012:db:my-mysql-instance"
        }
      ]
    }

ABE-- Wording of the question not very accurate. RDS Access policy can be done this way but there is nothing called as Access Control list policy type in RDS
upvoted 3 times
db2luwdba
2 years, 10 months ago
I mean ACE
upvoted 3 times
...
...
tugboat
3 years, 2 months ago
Selected Answer: ACD
Appropriate and RDS supported options
upvoted 2 times
...
awsmonster
3 years, 3 months ago
Agree with ACD https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_id-based-policy-examples.html
upvoted 5 times
Mintwater
2 years, 1 month ago
Policy best practices ---
  • Require multi-factor authentication (MFA)
  • Apply least-privilege permissions
  • Get started with AWS managed policies and move toward least-privilege permissions
  • Use conditions in IAM policies to further restrict access
upvoted 1 times
...
...
guru_ji
3 years, 6 months ago
I got this Question in exam. 60% questions came in actual exam from this 145 set. Bunch of new Questions. We can share study material for free, You can email me on "awsdbguru at gmail"
upvoted 4 times
...
guru_ji
3 years, 6 months ago
Correct Answer ==>> ACD any idea how much Q we will get in real exam from Q available here? anyone is preparing for this exam and want to do group study with us, comment with mail_id.
upvoted 1 times
...
manan728
3 years, 6 months ago
ACD are correct choices. MFA is specified in the aws docs specifically for such use case https://aws.amazon.com/blogs/database/using-iam-multifactor-authentication-with-amazon-rds/
upvoted 3 times
...
ricksun
3 years, 7 months ago
I go for ACE
upvoted 4 times
ricksun
3 years, 7 months ago
change to ACD since RDS not support access list
upvoted 1 times
...
...
myutran
3 years, 7 months ago
Ans: ACD
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other