{"id":134,"date":"2021-01-06T16:42:00","date_gmt":"2021-01-06T16:42:00","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/aws-certified-solutions-architect-professional-sap-c01-question127\/"},"modified":"2021-01-06T16:42:00","modified_gmt":"2021-01-06T16:42:00","slug":"aws-certified-solutions-architect-professional-sap-c01-question127","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/aws-certified-solutions-architect-professional-sap-c01-question127\/","title":{"rendered":"AWS Certified Solutions Architect &#8211; Professional SAP-C01 &#8211; Question127"},"content":{"rendered":"<div class=\"question\">An organization has 4 people in the IT operations team who are responsible to manage the AWS infrastructure. The organization wants to setup that each user will have access to launch and manage an instance in a zone which the other user cannot modify.<br \/>\nWhich of the below mentioned options is the best solution to set this up? <br \/><strong><br \/>A.<\/strong> Create four AWS accounts and give each user access to a separate account. <br \/><strong>B.<\/strong> Create an IAM user and allow them permission to launch an instance of a different sizes only. <br \/><strong>C.<\/strong> Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs. <br \/><strong>D.<\/strong> Create a VPC with four subnets and allow access to each subnet for the individual IAM user.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>D<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nExplanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user&#8217;s AWS account. The user can create subnets as per the requirement within a VPC. The VPC also work with IAM and the organization can create IAM users who have access to various VPC services. The organization can setup access for the IAM user who can modify the security groups of the VPC. The sample policy is given below:<br \/>\n{<br \/>\n&#8220;Version&#8221;: &#8220;2012-10-17&#8221;,<br \/>\n&#8220;Statement&#8221;:<br \/>\n[<br \/>\n{ &#8220;Effect&#8221;: &#8220;Allow&#8221;,<br \/>\n&#8220;Action&#8221;: &#8220;ec2:RunInstances&#8221;,<br \/>\n&#8220;Resource&#8221;: [&#8220;arn:aws:ec2:region::image\/ami-*&#8221;, &#8220;arn:aws:ec2:region:account:subnet\/subnet-1a2b3c4d&#8221;, &#8220;arn:aws:ec2:region:account:network-interface\/*&#8221;, &#8220;arn:aws:ec2:region:account:volume\/*&#8221;, &#8220;arn:aws:ec2:region:account:key-pair\/*&#8221;, &#8220;arn:aws:ec2:region:account:security-group\/sg-123abc123&#8221; ]<br \/>\n }<br \/>\n ]<br \/>\n}<br \/>\nWith this policy the user can create four subnets in separate zones and provide IAM user access to each subnet.<br \/>\nReference:<br \/>\n<a href=\"http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/VPC_IAM.html\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/docs.aws.amazon.com\/AmazonVPC\/latest\/UserGuide\/VPC_IAM.html<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>An organization has 4 people in the IT operations team who are responsible to manage the AWS infrastructure. The organization wants to setup that each user will have access to launch and manage an instance in a zone which the other user cannot modify. Which of the below mentioned options is the best solution to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,130],"class_list":["post-134","post","type-post","status-publish","format-standard","hentry","category-aws-certified-solutions-architect-professional-sap-c01","tag-aws-certified-solutions-architect-professional-sap-c01","tag-question-127"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts\/134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/comments?post=134"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/posts\/134\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/media?parent=134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/categories?post=134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Solutions_Architect-Professional_SAP-C01\/wp-json\/wp\/v2\/tags?post=134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}