2. IAM

Question 1

What does IAM stand for in AWS?

Answer 1

Identity and Access Management

Question 2

What is the root account in AWS, and how should it be used?

Answer 2

The root account is created by default and should not be used or shared, except for initial account setup.

Question 3

True or False: Users can belong to multiple groups in IAM.

Answer 3

True

Question 4

Can a group in IAM contain other groups?

Answer 4

No, groups only contain users, not other groups.

Question 5

What is an IAM policy?

Answer 5

A JSON document that defines permissions for users or groups in AWS.

Question 6

Which principle suggests giving the minimum permissions necessary for users?

Answer 6

The principle of least privilege.

Question 7

Fill in the blank: IAM policies are written in _____ format.

Answer 7

JSON

Question 8

What is the ‘Effect’ in an IAM policy statement used for?

Answer 8

It defines whether the statement allows or denies access.

Question 9

True or False: A user must be part of a group in IAM.

Answer 9

False

Question 10

What is a Sid in an IAM policy statement?

Answer 10

It is an optional identifier for the statement.

Question 11

Name two types of characters that can be required in an AWS password policy.

Answer 11

Uppercase letters and numbers

Question 12

How does MFA enhance security for IAM users?

Answer 12

MFA requires a second factor (device-based) in addition to a password, making it harder for accounts to be compromised if passwords are stolen.

Question 13

What is one type of MFA device supported by AWS?

Answer 13

Virtual MFA device like Google Authenticator.

Question 14

True or False: Access keys should be shared with other users.

Answer 14

False

Question 15

Fill in the blank: The IAM service that allows managing AWS services through code is the _____

Answer 15

AWS SDK

Question 16

How can users programmatically access AWS?

Answer 16

Using access keys through AWS CLI or AWS SDK.

Question 17

True or False: IAM roles are only for human users.

Answer 17

False, IAM roles are for AWS services or applications as well.

Question 18

What is the primary use of the IAM Credentials Report?

Answer 18

To provide an account-level report listing users and their credential statuses.

Question 19

What AWS tool can show the last access time for services permitted to a user?

Answer 19

IAM Access Advisor

Question 20

What is the purpose of the AWS CLI?

Answer 20

To manage AWS services using command-line commands.

Question 21

True or False: Access keys can be generated for IAM users through the AWS Console.

Answer 21

True

Question 22

What is the Shared Responsibility Model in IAM?

Answer 22

AWS manages infrastructure, while users manage their IAM configurations and permissions.

Question 23

Fill in the blank: AWS recommends enabling _____ for all accounts to enhance security.

Answer 23

MFA

Question 24

What AWS feature allows users to access services with minimal permissions granted by roles?

Answer 24

IAM Roles

Question 25

Can IAM roles be assigned to AWS Lambda functions?

Answer 25

Yes, IAM roles can be assigned to Lambda functions and other services.

Question 26

What should be avoided when using the root account?

Answer 26

Using it regularly; it should only be used for initial setup.

Question 27

What’s an example of a resource that IAM policies can restrict access to?

Answer 27

EC2 instances, S3 buckets, or any AWS resource.

Question 28

Fill in the blank: The AWS Management Console can be accessed with a _____ and optionally MFA.

Answer 28

password

Question 29

What does the ‘Action’ element in an IAM policy define?

Answer 29

The list of actions the policy allows or denies on AWS services.

Question 30

True or False: AWS SDKs are available for multiple programming languages.

Answer 30

True

Question 31

What is an example of an AWS SDK-supported language?

Answer 31

Python, JavaScript, Java, among others.

Question 32

What is the purpose of an IAM Role for an EC2 instance?

Answer 32

It grants permissions for the EC2 instance to access other AWS resources on behalf of the user.

Question 33

What is the least privileged approach in IAM policy design?

Answer 33

Providing users with only the permissions they absolutely need.

Question 34

Name one best practice for IAM users and groups.

Answer 34

Assign permissions to groups instead of individual users.

Question 35

What is an Access Key ID equivalent to?

Answer 35

A username for programmatic access.

Question 36

True or False: An IAM policy’s ‘Condition’ is mandatory.

Answer 36

False, it is optional.

Question 37

Fill in the blank: IAM _____ allow policies to be applied to groups of users.

Answer 37

Groups

Question 38

What are inline policies?

Answer 38

Policies that are embedded directly within IAM roles or users rather than being shared.

Question 39

What should an organization regularly do to IAM keys?

Answer 39

Rotate them often to maintain security.

Question 40

True or False: Users should share their Access Key and Secret Access Key to enhance collaboration.

Answer 40

False

Question 41

What feature in IAM can enforce password complexity and expiration?

Answer 41

Password policy

Question 42

True or False: The AWS CLI and SDK are both tools for programmatic access to AWS.

Answer 42

True

Question 43

What is the purpose of MFA in IAM?

Answer 43

To provide additional security by requiring a second factor in addition to the password.

Question 44

Fill in the blank: IAM _____ allows restricting permissions based on user actions.

Answer 44

policies

Question 45

What AWS security feature helps identify unused permissions by users?

Answer 45

IAM Access Advisor

Question 46

Name one IAM security best practice for managing user permissions.

Answer 46

Use IAM Credential Reports to audit and manage permissions regularly.