A Cloud Guru - AWS Dev Assoc Flashcards

1
Q

What is an IAM Policy?

  • The policy which determines how your AWS bill will be paid
  • A CSV file which contains a user’s Access Key and Secret Access Key
  • A JSON document which defines one or more permissions
  • A file containing a user’s private SSH key
A

A JSON document which defines one or more permissions

2
Q

Which statement best describes IAM?

  • IAM allows you to manage permissions for AWS resources only.
  • IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.
  • IAM allows you to manage users’ passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.
  • IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.
A

IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.

3
Q

In AWS, what is IAM used for? (choose all that apply)

  1. Creating and managing users and groups
  2. Assigning permissions to allow and deny access to AWS resources
  3. Secure VPN access to AWS
  4. Managing access to AWS services
A

1, 2, 4

4
Q

AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).

T/F?

A

false

5
Q

Which is the best way to enable your EC2 instance to read files in an S3 bucket?

  • Create a new IAM user and grant read access to S3. Store the user’s credentials locally on the EC2 instance and configure your application to supply the credentials with each API request
  • Create a new IAM group and grant read access to S3. Store the group’s credentials locally on the EC2 instance and configure your application to supply the credentials with each API request.
  • Create an IAM role with read-access to S3 and assign the role to the EC2 instance
  • Configure a bucket policy which grants read-access based on the EC2 instance name
A

As a security best practice, AWS recommends the use of roles for applications that run on Amazon EC2 instances.

IAM roles allow applications to securely make API requests from instances, without requiring you to manage the security credentials that the applications use.

6
Q

Which of the following is NOT a feature of IAM?

  • Allows you to set up biometric authentication, so that no passwords are required
  • Fine-grained access control to AWS resources
  • Integrates with existing Active Directory account, allowing single sign-on
  • Centralized control of your AWS account
A

Allows you to set up biometric authentication, so that no passwords are required

7
Q

Which IAM entity can you use to delegate access to your AWS resources to users, groups or services?

  • IAM Role
  • IAM User
  • IAM Group
  • IAM Web Identity Federation
A

IAM Role
