AWS Identity and Access Management Flashcards
A document that identifies one or more actions related to AWS resources.
IAM Policies
Programmatically access your AWS environment
Access Keys
Associate users who share a common job function with the access levels needed to perform that function within the AWS environment.
IAM Groups
Grants users or services temporary access (12 hours) to the account resources in your AWS environment.
IAM Roles
Using this security feature, AWS issues trusted IAM users temporary access of 12 hours when they assume a new role.
AWS Security Token Service (STS)
Provides federated identity access for mobile or untrusted users: it allows sign-up and grants temporary access, while controlling that access according to the definitions you set up.
Amazon Cognito
Running in two AZs, this resource takes on the burden of all the infrastructure needed to manage an AD server and move it to the cloud.
AWS Managed Microsoft AD
Acts as a gateway that redirects authentication requests from AWS services to your on-premises directory without caching any data on AWS.
AD Connector
This service works across multiple AWS accounts within an AWS organization, streamlining authentication and authorization using an existing Microsoft AD.
AWS Single Sign-On (SSO)
You can manage policy-based controls across multiple AWS accounts. Companies with more than one account can use this feature to unify and integrate how assets are exposed and consumed.
AWS Organizations
It enables tracking, rotation, and deletion of keys that protect your data in the AWS account. It also integrates with CloudTrail for compliance purposes.
AWS Key Management Service (KMS)
Delivers credentials to applications on request, allowing Amazon to rotate the credentials, encrypting them in transit and using KMS for storage at rest.
AWS Secrets Manager
This service performs cryptographic operations on your web server’s behalf, offloading the computational load; it is FIPS compliant, and HPC computation can be accelerated.
AWS CloudHSM
This AWS feature enables sharing resources with users across multiple accounts within an organization or externally, allowing all authorized users to access the shared resources in the same region without duplication.
AWS Resource Access Manager (AWS RAM)
An access control policy that allows granular control at the organizational level, restricting or enforcing permissions across all accounts in AWS Organizations and ensuring uniform access control org-wide.
Service Control Policies (SCP)