ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 67 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 67
Topic #: 1
[All AWS Certified Security - Specialty Questions]

An application has been built with Amazon EC2 instances that retrieve messages from Amazon SQS. Recently, IAM changes were made and the instances can no longer retrieve messages.
What actions should be taken to troubleshoot the issue while maintaining least privilege? (Choose two.)

  • A. Configure and assign an MFA device to the role used by the instances.
  • B. Verify that the SQS resource policy does not explicitly deny access to the role used by the instances.
  • C. Verify that the access key attached to the role used by the instances is active.
  • D. Attach the AmazonSQSFullAccess managed policy to the role used by the instances.
  • E. Verify that the role attached to the instances contains policies that allow access to the queue.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by Bad_Mat at March 13, 2021, 3:52 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Hungdv
Highly Voted 3 years, 9 months ago
B and E
upvoted 20 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: BE
BE are the correct answers here.
upvoted 1 times
...
Nuha_23
1 year, 10 months ago
Selected Answer: BE
B and E
upvoted 1 times
...
OCHT
2 years ago
Selected Answer: BE
Option A isn't necessary for resolving the issue described. MFA is generally used for human users to provide a second authentication factor, not for application roles used by EC2 instances. Option C is not appropriate because roles do not have access keys. Access keys are associated with IAM users, not roles. Option D isn't aligned with the principle of least privilege. Attaching the AmazonSQSFullAccess managed policy to the role used by the instances would give full access to SQS, which may be more permissions than necessary for the operation of the application.
upvoted 2 times
...
examioLol
2 years, 9 months ago
Selected Answer: BE
B and E
upvoted 1 times
...
sapien45
2 years, 11 months ago
Selected Answer: BE
Best answer bot got it right
upvoted 1 times
...
MoreOps
3 years, 2 months ago
Selected Answer: BE
I think the answers are B and E
upvoted 1 times
...
Radhaghosh
3 years, 5 months ago
Agreed B & E Correct
upvoted 1 times
...
network_zeal
3 years, 6 months ago
BE, though bit confusing as question says IAM modification whereas B is about resource policy modification
upvoted 1 times
...
nparimi
3 years, 8 months ago
BE What I look for source: SQS giving out permission to role ie B, at destination role also has appropriate permissions ie E
upvoted 4 times
...
sanjaym
3 years, 9 months ago
Ans: BE 100%
upvoted 3 times
...
Bad_Mat
3 years, 9 months ago
I think it's C and E
upvoted 4 times
Huy
3 years, 9 months ago
It is B&E. You don't need access key once you use IAM role for EC2 instance.
upvoted 8 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel