ExamGecko
Search Search Login
Home Home / Amazon / CLF-C02
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which AWS service gives users on-demand, sell-service access to AWS compliance control reports?
Which AWS service provides storage-optimized and compute-optimized device configurations?
A company is running a reporting web server application on Amazon EC2 instances. The application runs once every week and once again at the end of the month. The EC2 instances can be shut down when they are not in use. What is the MOST cost-effective billing model for this use case?
A company needs to manage multiple logins across AWS accounts within the same organization in AWS Organizations. Which AWS service should the company use to meet this requirement?
Which design principle aligns with performance efficiency pillar of the AWS Well-Architected Framework?
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
Which AWS service can create a private network connection from on premises to the AWS Cloud?
Which AWS service or feature allows users to securely store encrypted credentials and retrieve these credentials when required?
A company purchased Amazon EC2 Standard Reserved Instances (Rls) for a workload in the AWS Cloud. The company needs to move part of the workload to an instance family that does not match the instance family of these Standard RIs. How can the company take advantage of the Standard RIs that it no longer needs?
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)

Question 453 - CLF-C02 discussion

Report
Export

A developer has been hired by a large company and needs AWS credentials.

Which are security best practices that should be followed? (Select TWO.)

A.
Grant the developer access to only the AWS resources needed to perform the job.
Answers
A.
Grant the developer access to only the AWS resources needed to perform the job.
B.
Share the AWS account root user credentials with the developer.
Answers
B.
Share the AWS account root user credentials with the developer.
C.
Add the developer to the administrator's group in AWS IAM.
Answers
C.
Add the developer to the administrator's group in AWS IAM.
D.
Configure a password policy that ensures the developer's password cannot be changed.
Answers
D.
Configure a password policy that ensures the developer's password cannot be changed.
E.
Ensure the account password policy requires a minimum length.
Answers
E.
Ensure the account password policy requires a minimum length.
Suggested answer: A, E

Explanation:

The security best practices that should be followed are A and E.

A) Grant the developer access to only the AWS resources needed to perform the job. This is an example of the principle of least privilege, which means giving the minimum permissions necessary to achieve a task. This reduces the risk of unauthorized access, data leakage, or accidental damage to AWS resources. You can use AWS Identity and Access Management (IAM) to create users, groups, roles, and policies that grant fine-grained access to AWS resources12.

E) Ensure the account password policy requires a minimum length. This is a basic security measure that helps prevent brute-force attacks or guessing of passwords. A longer password is harder to crack than a shorter one. You can use IAM to configure a password policy that enforces a minimum password length, as well as other requirements such as complexity, expiration, and history34.

B) Share the AWS account root user credentials with the developer. This is a bad practice that should be avoided. The root user has full access to all AWS resources and services, and can perform sensitive actions such as changing billing information, closing the account, or deleting all resources. Sharing the root user credentials exposes your account to potential compromise or misuse. You should never share your root user credentials with anyone, and use them only for account administration tasks5 .

C) Add the developer to the administrator's group in IAM. This is also a bad practice that should be avoided. The administrator's group has full access to all AWS resources and services, which is more than what a developer needs to perform their job. Adding the developer to the administrator's group violates the principle of least privilege and increases the risk of unauthorized access, data leakage, or accidental damage to AWS resources. You should create a custom group for the developer that grants only the necessary permissions for their role12.

D) Configure a password policy that ensures the developer's password cannot be changed. This is another bad practice that should be avoided. Preventing the developer from changing their password reduces their ability to protect their credentials and comply with security policies. For example, if the developer's password is compromised, they cannot change it to prevent further unauthorized access. Or if the company requires periodic password rotation, they cannot update their password to meet this requirement. You should allow the developer to change their password as needed, and enforce a password policy that sets reasonable rules for password management34.

Show Answer
asked 16/09/2024
J Von
49 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms