A. Include the AssumeRole API in the application code logic to obtain credentials to access the PII table.
B. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role.
C. An application running on Amazon EC2 instances in Account B requires access to the PII table. An administrator in Account A created an IAM role named AccessPII with privileges to access the PII table, and made Account B a trusted entity.
Which combination of additional steps should developers take to access the table? (Select TWO.)
D. Ask an administrator in Account A to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies.
E. Ask an administrator in Account B to allow the EC2 IAM role permission to assume the AccessPII role with predefined service control policies.
F. Include the GetSessionToken API in the application code logic to obtain credentials to access the PII table.
Answer: A,B,C
Question #336
A bucket owner has allowed another account's IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B.
What will happen in this scenario?
A. AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object
B. The bucket policy may not be created as S3 will give error due to conflict of Access Rights
C. It is not possible to give permission to multiple IAM users
D. It is not possible that the IAM user of one account accesses objects of the other IAM user
Answer: A
Explanation:
If an IAM user is trying to perform some action on an object belonging to another AWS user's bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him.
It also verifies the policy for the bucket as well as the policy defined by the object owner.
Question #337
A developer creates an AWS Lambda function that is written in Java. During testing, the Lambda function does not work how the developer expected. The developer wants to use tracing capabilities to troubleshoot the problem.
Which AWS service should the developer use to accomplish this goal?
A. AWS Trusted Advisor
B. Amazon CloudWatch
C. AWS X-Ray
D. AWS CloudTrail
Answer: C
Question #338
A Developer has been asked to make changes to the source code of an AWS Lambda function. The function is managed using an AWS CloudFormation template. The template is configured to load the source code from an Amazon S3 bucket. The Developer manually created a .ZIP file deployment package containing the changes and put the file into the correct location on Amazon S3. When the function is invoked, the code changes have not been applied.
What step is required to update the function with the changes?
A. Update the CloudFormation stack with the correct values for the function code properties S3Bucket, S3Key, or S3ObjectVersion.
B. Ensure that the function source code is base64-encoded before uploading the deployment package to S3.
C. Delete the .ZIP file on S3, and re-upload by using a different object key name.
D. Modify the execution role of the Lambda function to allow S3 access permission to the deployment package .ZIP file.
Answer: A
Explanation:
Changes to a deployment package in Amazon S3 are not detected automatically during stack updates. To update the function code, change the object key or version in the template. https://docs.aws.amazon.com/AWSC ... -function-code.html
Question #339
Is it possible to create an S3 bucket accessible only by a certain IAM user, using policies in a CloudFormation template?
A. No, you can only create the S3 bucket but not the IAM user.
B. S3 is not supported by CloudFormation.
C. Yes, all these resources can be created using a CloudFormation template.
D. No, in the same template you can only create the S3 bucket and the relative policy.
Answer: C
Explanation:
With AWS Identity and Access Management (IAM), you can create IAM users to control who has access to which resources in your AWS account.
You can use IAM with AWS CloudFormation to control what AWS CloudFormation actions users can perform, such as view stack templates, create stacks, or delete stacks.
In addition to AWS CloudFormation actions, you can manage what AWS services and resources are available to each user.