Questions 58 to 60

Explanations for questions 58 to 60

We'll cover the following

Question 58
Question 59
Question 60

Question 58

You are deploying an application on Amazon EC2 that must call AWS APIs. Which method of securely passing credentials to the application should you use?

Store the API credentials on the instance using instance metadata.
Store API credentials as an object in Amazon S3.
Embed the API credentials into your application files.
Assign IAM roles to the EC2 instances.

Correct Answer: 4

Explanation: Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests while protecting your credentials from other users.

However, it is challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials.

IAM roles enable your applications to securely make API requests from your instances without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles.

INCORRECT: “Store the API credentials on the instance using instance metadata.” is incorrect. It is an AWS best practice to not store API credentials within applications, on file systems, or on instances (such as in metadata).

INCORRECT: “Store API credentials as an object in Amazon S3.” is incorrect. It is an AWS best practice to not store API credentials within applications, on file systems, or on instances (such as in metadata).

INCORRECT: “Embed the API credentials into your application files.” is incorrect. It is an AWS best practice to not store API credentials within applications, on file systems, or on instances (such as in metadata).

CORRECT: “Assign IAM roles to the EC2 instances.” is the correct answer.

References:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Level up your interview prep. Join Educative to access 70+ hands-on prep courses.

Introduction

Getting Started

Compute

Storage

AWS Database

Migration

Networking and Content Delivery

Management Tools

Media Services

Analytics

AWS Security, Identity, & Compliance

Application Integration

AWS Desktop & App Streaming

Wrapping Up

Practice Exam 1

Practice Exam 1 Explanations

Practice Exam 2

Practice Exam 2 Explanations

Practice Exam 3

Practice Exam 3 Explanations

Practice Exam 4

Practice Exam 4 Explanations

Practice Exam 5

Practice Exam 5 Explanations

Practice Exam 6

Practice Exam 6 Explanations

Questions 58 to 60

Question 58