CH2: IAM

Question 1

Manage users and their level of access to the AWS Console

Answer 1

Identity Access Management

IAM

Question 2

IAM

Centralized control of your

Answer 2

AWS account

Question 3

IAM

Shared access to your

Answer 3

AWS account

Question 4

IAM

Gives you Granular

Answer 4

Permissions

Question 5

IAM

Identity Federation

Answer 5

Active Directory

Facebook

Linkedin

Question 6

IAM

Provides temp access as necessary for

Answer 6

Users

Devices

Services

Question 7

IAM

Sets a juggler for your passwords

Answer 7

Rotation Policy

Question 8

IAM

Integrates with many different

Answer 8

AWS Services

Question 9

IAM

Supports PCI DSS Compliance

Answer 9

For billing purposes

Question 10

IAM

End users are

Answer 10

Users

Question 11

IAM

A collection of users under one set of permissions

Answer 11

Group

Question 12

IAM

These can be created and then assigned to AWS resources

Answer 12

Roles

Question 13

IAM

A document that defines one (or more) permissions.

Answer 13

Policy

Question 14

Policy Simulator - exam tip

Test IAM Permissions BEFORE you commit them to

Answer 14

Prod

Question 15

Policy Simulator - exam tip

Validate that the policy works

Answer 15

As expected

Question 16

Policy Simulator - exam tip

Great for troubleshooting because you can test

Answer 16

Policies attached to existing users and you suspect the problem is related to AWS IAM.

Question 17

IAM

accessed

Answer 17

Universally not by region at this time,

Question 18

IAM

The account created when you first set up your account,

Answer 18

Root Account

Question 19

IAM

What type of access does the ROOT account have

Answer 19

Complete ADMIN access

Question 20

IAM

When new users are first created they are assigned

Answer 20

Access Key ID
–AND–
Secret Access Keys

Question 21

IAM

Access Key ID and Secret Access key are NOT the same as Login to AWS management console

Answer 21

You can not use them to log in to the console

Question 22

IAM

You can use these to access AWS via APIs, Command lines and SDK

Answer 22

Access Key ID
–AND–
Secret Access Keys

Question 23

IAM

You only get to view these once so if you lose them you have to regenerate new ones - so keep them in secret, keep them safe Gandalf with Frodo….

Answer 23

Access Key ID
–AND–
Secret Access Keys

Question 24

IAM

Always set this up on your root account

Answer 24

Multifactor Authentication (MFA)

Question 25

IAM

You can create and customize your own

Answer 25

Password rotation policies,

Question 26

IAM

Delegates AWS resources access for users, groups or services

Answer 26

IAM ROLE

Question 27

IAM

A JSON document that defines one or more permissions

Answer 27

IAM Policy

Question 28

IAM

What is the best way to enable your EC2 instance to read files in an S3 bucket?

Answer 28

Create an IAM Role with read-access to S3 and assign the role to the EC2 instance,

Question 29

IAM

Allow apps to securely make API requests from instances, without requiring you to manage security credentials that the apps use,

Answer 29

IAM Roles

Question 30

IAM

Allows you to manage users, groups and roles and their corresponding level of access to AWS

Answer 30

IAM