View all questions & answers for the NSE 7 - Public Cloud Security 7.6.4 Architect Exam Materials exam
Question 64 Discussion
Comments
Selected Answers: A
Describes the permissions required by the FortiWeb SDN connector. It lists specific API actions, such as eks:ListClusters and eks:DescribeCluster. AmazonEKSClusterPolicy, this policy is not a standard AWS managed policy. The name seems generic, but there is no policy with that name to attach. A is the option that is technically closest to an actual AWS policy that would meet this requirement.
-
alex silva
2025-09-13 15:31:39
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonEKSClusterPolicy.html I found this link in my research, Sorry, answer 'D' AmazonEKSClusterPolicy is an AWS managed policy that allows an entity to perform actions on an EKS cluster, including eks:DescribeCluster and eks:ListClusters. These permissions are exactly what FortiWeb needs to "dynamically obtain information about existing objects" in the EKS cluster. The policy aligns with the objective. Although AmazonEKSConnectorServiceRolePolicy is a more specific option and aligned with the principle of least privilege, AmazonEKSClusterPolicy also grants the necessary permissions for FortiWeb to perform the described task. Exams sometimes get confused in this regard. When two answers meet the objective, what did the examiner want at the time?
Selected Answers: D
Sorry, answer 'D'
An administrator is configuring a software-defined network (SDN) connector in FortiWeb to dynamically obtain information about existing objects in an Amazon Elastic Kubernetes Service (EKS) cluster. Which AWS policy should the administrator attach to a user to achieve this goal? (Choose one answer)
Brave-Dump Clients Votes