Questão 7 — Simulado AWS Certified Cloud Practitioner (CLF-C02) | Questões Atualizadas
Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket?
- A. Enable S3 Cross-Region Replication (CRR) on the S3 bucket.
- B. Use IAM roles for applications that require access to the S3 bucket.
- C. Configure AWS WAF to prevent unauthorized access to the S3 bucket.
- D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.
Resposta correta:
B
Explicação
Explanation: Understanding IAM Roles: IAM (Identity and Access Management) roles in AWS are designed to delegate access permissions without sharing long-term security credentials. This means applications and services can use temporary security credentials, which enhances security. Why IAM Roles are Best Practice: Least Privilege Principle: By using IAM roles, you can ensure that applications only have the minimum permissions they need to function, reducing the risk of unauthorized access. Temporary Credentials: Roles provide temporary security credentials, which reduce the risk if they are compromised compared to long- term access keys. Automated Rotation: Temporary credentials automatically expire and are rotated, which means you don't have to manage the rotation manually. How to Implement IAM Roles: Create an IAM Role: In the AWS Management Console, navigate to IAM, and create a new role. Choose the type of trusted entity (e.g., EC2, Lambda). Attach Policies: Attach the necessary policies to the role that define the permissions for accessing the S3 bucket. Assign Role to Service: Attach the IAM role to your EC2 instances, Lambda functions, or other AWS services that need to access the S3 bucket. Use AWS SDKs: When accessing S3 from your application, use the AWS SDKs to automatically assume the IAM role and obtain temporary credentials. : AWS Identity and Access Management (IAM) IAM Roles
Quer todas as 881 questões por R$ 198,00?