IAM 1 Flashcards

1
Q

Root User

Root user restrictions?

A

Can’t be restricted in any way

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Root User

How do you change your account name or contact info?

A

Must use root creds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Root User

How do you turn on IdentityCenter?

A

Must use root creds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Root User

How do you join the GovCloud region?

A

Must use root creds, prove you’re a US Person

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Root User

How do you close your account?

A

Must use root creds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Root User

How do you turn on MFA delete on an S3 bucket?

A

Must use root creds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Root User

How do you fix an S3 bucket policy that denies all users?

A

Must use root creds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Root User

Best Practice for root user?

A

Use MFA, delete access keys, regularly change password, set security challenge questions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Root User

What are the security challenge questions used for?

A

Contacting AWS Support

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Root User

Is the root user’s password subject to your account’s password policy?

A

no

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Limits

Max IAM Users per account?

A

5,000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Groups

Max groups an IAM User can be in?

A

10

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Groups

What happens if an IAM User is in two groups with overlapping Policies?

A

Union: if any denies, deny. Then, if any allow, allow it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Groups

What’s the “all users” group that all IAM Users belong to?

A

There is none.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Groups

Limit on the number of users in a group?

A

None. However, it’s 5,000: max users per account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Groups

Can you nest groups?

A

no

17
Q

Groups

Max number of groups per account?

A

300 (soft limit)

18
Q

Groups

Extend the max number of groups per account?

A

Yes, request limit increase form (not a support case!)

19
Q

Groups

How do you set up a Policy for everyone in a group?

A

Create a single Group Policy (duh).

20
Q

Groups

Reference a Group in a Policy?

A

Not allowed: Groups aren’t Principals. Can’t be targets of policy things.

21
Q

Groups

Can groups have inline, customer-managed, or aws-managed policies?

A

All three

22
Q

Groups

When shouldn’t you add an inline policy to a user?

A

Hopefully never: manage human perms always via Groups.

23
Q

Groups

Can’t use Groups, too many different sets of perms!

A

Refactor your Groups, grant multiple Groups to each Human.