Advanced IAM Flashcards

1
Q

What does AWS STS (Security Token Service) do?

A

It allows you to grant limited and temporary access to AWS resources.

2
Q

What are the 4 ways to gain access using STS?

A
  • AssumeRole
  • AssumeRoleWithSAML
  • AssumeRoleWithWebIdentity
  • GetSessionToken

3
Q

How long does an AWS token last?

A

1 hour before requiring refresh

4
Q

What does AssumeRole do?

A

Provides access within your own account and cross account access

5
Q

What does AssumeRoleWithSAML do?

A

Returns credentials for users logged in with SAML

6
Q

What does AssumeRoleWithWebIdentity do?

A

Returns credentials for users logged in with a web identity provider such as Facebook, Google, etc. You should use Cognito instead of this.

7
Q

What does GetSessionToken do?

A

It is for MFA users

8
Q

What is AWS Directory Services?

A

A managed Microsoft Active Directory

9
Q

What is an AD Connector?

A

A directory gateway that redirects requests to an on-premises AD

10
Q

What is Simple AD?

A

An AD-compatible managed directory on AWS that cannot be joined to an on-premises AD

11
Q

What is an SCP (Service Control Policy)?

A

It allows you to whitelist/blacklist IAM actions

12
Q

At what level is the SCP applied?

A

It's applied at the Organizational Unit (OU) or account level

13
Q

What kind of users does the SCP apply to?

A

It applies to all users

14
Q

What are 2 use cases for SCP?

A
  • Restrict access to certain services
  • Enforce compliance by explicitly disabling services

15
Q

When you see aws:SourceIP in an IAM statement, what does that reference?

A

The IP address or list of IP addresses from which access to resources is requested

16
Q

When you see aws:RequestedRegion in an IAM statement, what does that reference?

A

The region the API calls are made to

17
Q

What are IAM PermissionBoundaries?

A

An advanced feature that uses a managed policy to set the maximum permissions an IAM entity can be granted

18
Q

What entities can IAM Permission Boundaries be assigned to?

A

Users and roles, not groups

19
Q

What is AWS Resource Access Manager (RAM)?

A

It allows you to share AWS resources with other AWS accounts

20
Q

Using Resource Access Manager, what 2 things can you do with VPC subnets?

A
  • Have all the resources launched in the same subnets
  • Participants can manage their own resources there

21
Q

Using Resource Access Manager, what 2 things can you NOT do with VPC subnets?

A
  • Cannot share security groups or the default VPC
  • Cannot view, modify or delete resources that belong to other participants