Exam AWS-SysOps topic 1 question 18 discussion

Answer is ACD: You use different types of security credentials depending on how you interact with AWS. For example, you use a user name and password to sign in to the AWS Management Console. You use access keys to make programmatic calls to AWS API actions. Key pairs consist of a public key and a private key. You use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. You can create Amazon EC2 key pairs from the Amazon EC2 console, CLI, or API. Access keys consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS if you use the AWS SDKs, REST, or Query APIs. One can use the IAM API to upload a certificate, via the UploadServerCertificate request. Option B and E are wrong because this is done via the Console and not via API’s. For more information on Security, please visit the below URL: http://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

CDE are correct. While options A (Key pairs) and B (Console passwords) are also related to AWS access, they are not as directly relevant to API access credentials. Key pairs are more commonly used for SSH access to EC2 instances, and Console passwords are used to access the AWS Management Console. While they are essential for overall security, they are not the primary credentials used for making programmatic API requests, which are the focus of the question. Hence, options C, D, and E are the more relevant credentials to evaluate in the context of AWS API access.

At first I thought ABC. Although I'm not sure if console passwords qualifies as API, so I could see why others didn't pick B. But D seems to be more along the lines of SSL. However the exaptation seems to have been taken from somewhere. Usually when the answers are incorrect there is no no explanation or a link that has the actual correct answers. So now I vote ACD.

ACD is the answer

B|C|D are the answers You wont need key pair or Security group membership

key pairs are not used in API access. They are used by EC2 instances and CloudFront *only*. Answer is BCD.

Answer is ACD

BCD,, All console call are through API

Well. I think it should be ABC also

ABC Console password gives you access to AWS API's

BCD They asking to evaluate credentials. So how do you evaluate a key pair credential? AWS provides a number of authentication mechanisms including a console, account IDs and secret keys, X.509 certificates and MFA devices to control access to AWS APIs" Console authentication is the most appropriate for administrative or manual activities, Account IDs and secret keys for accessing REST based interfaces or tools, and X.509 certificates for SOAP based interfaces and tools. Your organization should consider the circumstances under which it will leverage access keys, x.509 certificates, console passwords, or MFA devices. access keys = access key IDs + secret access keys Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. This does not guarantee authentication.

A. Key pairs C. Access keys D. Signing certificates

Answer is ACD