Amazon CLF-C02 Exam - Topic 1 Question 18 Discussion

Actual exam question for Amazon's CLF-C02 exam
Question #: 18
Topic #: 1

A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used?

Suggested Answer: C

IAM roles are a secure way to grant permissions to applications running on an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that have specific permissions policies attached to them. You can create an IAM role and associate it with an EC2 instance when you launch it or later. The applications on the instance can then use the temporary credentials provided by the role to access AWS resources that the role allows. This way, you do not have to store any long-term credentials or access keys on the instance, which reduces the risk of compromise or misuse [1][2].

The other options are not correct, because:

Security groups are virtual firewalls that control the inbound and outbound traffic for your EC2 instances. Security groups do not grant permissions to access other AWS services, but rather filter the network traffic based on rules that you define [3].

AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources. AWS Firewall Manager works with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups. AWS Firewall Manager does not grant permissions to access other AWS services, but rather helps you enforce consistent security policies across your AWS infrastructure [4].

IAM user SSH keys are credentials that allow you to connect to your EC2 instance using SSH. SSH keys do not grant permissions to access other AWS services, but rather authenticate your identity when you log in to your instance [5].


References:

1. Using an IAM role to grant permissions to applications running on Amazon EC2 instances - AWS Identity and Access Management
2. IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud
3. Security groups for your VPC - Amazon Virtual Private Cloud
4. What is AWS Firewall Manager? - AWS Firewall Manager
5. Connecting to your Linux instance using SSH - Amazon Elastic Compute Cloud
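
The explanation above says a role gives applications temporary credentials and removes the need to store long-term access keys on the instance. The following Python is an added example, not part of the original page: it reads a role credential document to show its expiry, and flags profiles in a shared credentials file that still hold long-term keys. The function names and all sample values are constructed for illustration; the check relies on the AWS convention that long-term IAM user access key IDs begin with `AKIA` and temporary STS key IDs begin with `ASIA`.

```python
import configparser
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the credential document the EC2 instance
# metadata service serves for an attached role (placeholder values only).
SAMPLE_ROLE_DOC = """{"Code": "Success", "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE00", "SecretAccessKey": "placeholder",
  "Token": "placeholder-session-token", "Expiration": "2026-01-01T18:00:00Z"}"""

# Constructed sample of a shared credentials file found on an instance.
SAMPLE_CREDENTIALS_FILE = """
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = placeholder

[session]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = placeholder
aws_session_token = placeholder-session-token
"""

def classify_key(access_key_id, has_token):
    """AKIA prefixes mark long-term IAM user keys; ASIA marks temporary STS keys."""
    if access_key_id.startswith("ASIA") and has_token:
        return "temporary"
    if access_key_id.startswith("AKIA"):
        return "long-term"
    return "unknown"

def role_credential_summary(doc_text, now):
    """Report the credential kind and how many seconds remain before expiry."""
    doc = json.loads(doc_text)
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    return {"kind": classify_key(doc["AccessKeyId"], bool(doc.get("Token"))),
            "seconds_left": int((expires - now).total_seconds())}

def long_term_profiles(credentials_text):
    """Return profile names that hold long-term keys and should be removed."""
    parser = configparser.ConfigParser()
    parser.read_string(credentials_text)
    return [name for name in parser.sections()
            if classify_key(parser[name].get("aws_access_key_id", ""),
                            "aws_session_token" in parser[name]) == "long-term"]

if __name__ == "__main__":
    now = datetime(2026, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    print(role_credential_summary(SAMPLE_ROLE_DOC, now))
    print(long_term_profiles(SAMPLE_CREDENTIALS_FILE))
```

On an instance that uses a role correctly, the second check returns an empty list, because the SDK picks up the role credentials without any key being written to disk.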

Gerry
3 months ago
IAM roles are the best practice, no doubt!
upvoted 0 times
...
Aileen
3 months ago
I thought IAM user SSH keys were enough?
upvoted 0 times
...
Oliva
3 months ago
Wait, can you use security groups for this? Seems off.
upvoted 0 times
...
Gregoria
4 months ago
Agreed, IAM roles are the way to go.
upvoted 0 times
...
Moon
4 months ago
Definitely IAM roles for secure access!
upvoted 0 times
...
Lavelle
4 months ago
I feel like IAM user SSH keys might not be the best fit for this scenario, but I can't recall the exact reason why.
upvoted 0 times
...
Sharee
4 months ago
I practiced a similar question where IAM roles were mentioned as the best option for granting permissions. Seems like the right choice here too.
upvoted 0 times
...
Margery
4 months ago
I'm not entirely sure, but I remember something about security groups being more about network access rather than service permissions.
upvoted 0 times
...
Lasandra
5 months ago
I think IAM roles are the way to go for allowing EC2 instances to access other AWS services securely.
upvoted 0 times
...
Lorean
5 months ago
Based on the question, IAM roles seem like the way to go. They allow the EC2 instance to access other services without exposing sensitive credentials. Feels like the most secure and straightforward solution here.
upvoted 0 times
...
Brande
5 months ago
I'm a bit confused on this one. Is it IAM roles or the AWS Firewall Manager? I'll need to double-check the differences between those two options to make the best choice.
upvoted 0 times
...
Camellia
5 months ago
IAM roles for sure. That's the recommended way to grant secure access from an EC2 instance to other AWS services. The instance can assume the role without needing to manage separate user credentials.
upvoted 0 times
...
Kathryn
5 months ago
Hmm, I'm not sure about this one. Security groups and IAM roles both seem like they could work, but I'll need to review the details of each to decide which is the most appropriate for this scenario.
upvoted 0 times
...
Ruthann
5 months ago
I think IAM roles would be the best option here. They allow the EC2 instance to securely access other AWS services without needing to manage individual user credentials.
upvoted 0 times
...
Hildred
5 months ago
Hmm, I'm a bit confused on this one. I know Discovery has multiple phases, but I can't recall which one specifically covers the server RAM value. I'll have to think this through carefully.
upvoted 0 times
...
Billi
5 months ago
Hmm, this looks like a tricky one. I'll need to think carefully about the different stages in the call processing order and where aliases can be changed.
upvoted 0 times
...
Miesha
5 months ago
I'm pretty sure the next step involves really understanding the user needs before moving forward, like we discussed in class.
upvoted 0 times
...
Nickolas
5 months ago
ACL, got it. That makes sense as the way to allow or deny access to network resources. I feel pretty good about selecting that option.
upvoted 0 times
...