Multiple Choice
The Security team needs to provide a team of interns with an AWS environment so they can build the serverless video transcoding application. The project will use Amazon S3, AWS Lambda, Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and Amazon Elastic Transcoder. The interns should be able to create and configure the necessary resources, but they may not have access to create or modify AWS IAM roles. The Solutions Architect creates a policy and attaches it to the interns' group. How should the Security team configure the environment to ensure that the interns are self-sufficient?
A) Create a policy that allows creation of project-related resources only. Create roles with required service permissions, which are assumable by the services.
B) Create a policy that allows creation of all project-related resources, including roles that allow access only to specified resources.
C) Create roles with the required service permissions, which are assumable by the services. Have the interns create and use a bastion host to create the project resources in the project subnet only.
D) Create a policy that allows creation of project-related resources only. Require the interns to raise a request for roles to be created with the Security team. The interns will provide the requirements for the permissions to be set in the role.
Correct Answer:
Verified
Correct Answer:
Verified
Q735: Your system recently experienced down time during
Q736: A large company in Europe plans to
Q737: In an AWS CloudFormation template, each resource
Q738: Which of the following is the Amazon
Q739: A company runs a popular public-facing ecommerce
Q741: An organization has hosted an application on
Q742: One of your AWS Data Pipeline activities
Q743: Identify an application that polls AWS Data
Q744: An organization is planning to host a
Q745: An enterprise runs 103 line-of-business applications on