Get all the questions covering the entire syllabus from here : 2019 : This material is owned by . Please don't copy; it's bad karma.

Question-10: Suppose you attach a policy to an IAM user and specify a condition such that requests from a range of IP addresses (from your corporate network) can use AWS services like EBS, EC2 and KMS to encrypt and decrypt a volume attached to an EC2 instance. Now this same IAM user attempts to attach an encrypted volume to an EC2 instance, and the action fails even though the user has permission on all three required services. Why?

  1. Requests from a VPC that is not part of the same AWS Region are not allowed.
  2. Requests from different VPCs are not allowed.
  3. The IP address is not listed correctly in the allowed list of IP addresses.
  4. The selected EC2 instance does not support encrypted EBS volumes.

Ans: C

Detailed Explanation: If you don't have the correct knowledge, such options can confuse you and lead you to choose the wrong answer. In this case, the request that reaches KMS to decrypt the volume's encrypted data key comes from the IP address of the EC2 instance, and the policy does not allow IP addresses other than those specified in the policy document. You allowed IP addresses from your corporate network but not the IP address of your EC2 instance. A similar issue can occur if you specify VPC-based conditions in the policy.
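The failure described above can be reproduced with a small, simplified model of IAM Allow evaluation. This is an added example, not part of the original material and not AWS's own evaluation code: the CIDR range, IP addresses, region and policy contents are constructed, and the second statement using the `kms:ViaService` condition key is one possible adjustment, shown as an assumption rather than the answer the question expects.

```python
import ipaddress
from fnmatch import fnmatchcase

# All values below are constructed for illustration.
CORP_CIDR = "203.0.113.0/24"              # corporate network range
VIA_EC2 = "ec2.us-east-1.amazonaws.com"   # assumed region for kms:ViaService

def cond_ok(op, key, expected, ctx):
    """One condition test; a key absent from the request never matches."""
    actual = ctx.get(key)
    if actual is None:
        return False
    if op == "IpAddress":
        return ipaddress.ip_address(actual) in ipaddress.ip_network(expected)
    if op == "StringEquals":
        return actual == expected
    raise ValueError(f"operator not modelled: {op}")

def allowed(policy, action, ctx):
    """True if some Allow statement matches the action and every condition."""
    for st in policy["Statement"]:
        if st["Effect"] == "Allow" and any(fnmatchcase(action, a) for a in st["Action"]):
            conds = st.get("Condition", {})
            if all(cond_ok(op, k, v, ctx) for op, kv in conds.items() for k, v in kv.items()):
                return True
    return False

# Statement from the question: everything is gated on the corporate IP range.
ip_stmt = {"Effect": "Allow", "Action": ["ec2:*", "kms:*"],
           "Condition": {"IpAddress": {"aws:SourceIp": CORP_CIDR}}}
# Assumed adjustment: allow Decrypt only when KMS is reached through EC2.
via_stmt = {"Effect": "Allow", "Action": ["kms:Decrypt"],
            "Condition": {"StringEquals": {"kms:ViaService": VIA_EC2}}}

IP_ONLY = {"Statement": [ip_stmt]}
WITH_VIA_SERVICE = {"Statement": [ip_stmt, via_stmt]}

# The two requests behind one "attach encrypted volume" operation.
USER_CALL = ("ec2:AttachVolume", {"aws:SourceIp": "203.0.113.25"})
KMS_CALL = ("kms:Decrypt", {"aws:SourceIp": "10.0.1.15", "kms:ViaService": VIA_EC2})

def attach_succeeds(policy):
    """Both the user's EC2 call and the follow-on KMS call must be allowed."""
    return allowed(policy, *USER_CALL) and allowed(policy, *KMS_CALL)

if __name__ == "__main__":
    print("IP condition only:", attach_succeeds(IP_ONLY))
    print("plus kms:ViaService statement:", attach_succeeds(WITH_VIA_SERVICE))
```

A direct `kms:Decrypt` call from outside the corporate range still fails under the second policy, because that request carries no `kms:ViaService` value.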
