BOOK: AWS - Identity and Access Mgt (IAM)

Question 1

What address do you use to get to the management dashboard for IAM?

Answer 1

https://console.aws.amazon.com/iam

Question 2

What are the three best practices for protecting the IAM “root” account?

Answer 2

• Add MFA (multi-factor authentication)
• Do not use the root account for daily actions
• Use a strong password

Question 3

For programmatic, or command-line access what will you need to authenticate?

Answer 3

access keys

Question 4

Opening a remote login session to a Linux instance on Elastic Compute Cloud (EC2) will require a valid ________________________.

Answer 4

set of access keys

Question 5

You can configure a password policy from the______________________ section of the IAM.

Answer 5

Account Settings

Question 6

MFA works by associating a physical device—either a ____________ or MFA-compliant device like ________, or a smartphone with the Authenticator app installed with your account.

Answer 6

• Universal 2nd Factor (U2F)

- YubiKey

Question 7

You can generate a new set of access keys while logged into the AWS Management Console from the _________________________.

Answer 7

Security Credentials page

Question 8

After choosing the “Create New Access Key” button, you will have an option of downloading the key to your computer as a text file , or ______________________

Answer 8

showing the actual Access Key ID, and Secret Access Key values in the dialog, where you can copy and paste them somewhere safe.

Question 9

The industry-standard tool for safely encrypting remote login sessions is the______________ protocol.

Answer 9

Secret Shell (SSH)

Question 10

When you launch a new EC2 Linux instance, you’ll be prompted either to use an existing ____________ or create a new one.

Answer 10

SSH key pair

Question 11

True or False.
You’ll only get one opportunity to download the private half of your SSH key pair to your computer, when setting up the initial connection to an EC2 instance

Answer 11

True.

Question 12

You’re better off creating users to whom you can assign only the permissions needed for a specific set of tasks. This adheres to what principle?

Answer 12

the principle of least privilege

Question 13

If you wanted to create a primary admin to replace your root user for day-to-day administration, hyou would select the _________________ policy.

Answer 13

AdministratorAccess

Question 14

If your AWS data is encrypted, AWS will invisibly decrypt your data only when______________.

Answer 14

the access request is accompanied by authentication.

Question 15

You can have S3 encrypt the objects of a bucket at any time—during or after bucket creation. You can select either ____________or____________ encryption.

Answer 15

S3-managed server-side encryption keys (SSE-S3),

KMS-managed keys (SSE-KMS)

Question 16

If you want to apply client-side encryption to an S3, then you need to encrypt your data before uploading it to S3 using either a _______________or a ________________.

Answer 16

KMS-managed customer master key, client-side master key.

Question 17

AWS refers to documents that describe various regulatory standards as ____________.

Answer 17

artifacts

Question 18

Using standards such as _________ and _________________, you can incorporate external authentication into your AWS infrastructure.

Answer 18

SAML 2.0,

Microsoft Active Directory