IAM Flashcards

1
Q

What is the best way to secure your root account? (3 items)

A

Enable MFA and never use the root account for day-to-day work. Set up password policy rotation.

2
Q

What are the steps to set up admins for your account?

A

Create an admin IAM group with appropriate permissions. Create admin IAM user accounts and assign them to the group.

3
Q

What is IAM?

A

Service to manage users and access

4
Q

What is a root account?

A

Email used to create the AWS Account. Has full admin permissions.

5
Q

What is a policy document written in?

A

JSON

6
Q

What does a policy document consist of?

A

Allow, Effect, Resource

7
Q

What is the best practice for assigning permissions to users?

A

Add user to a group and assign policy to the group.

8
Q

Is IAM Global or Regional?

A

Global

9
Q

How do you assign permissions in AWS?

A

Using policy documents

10
Q

What is an IAM group?

A

A collection of users, which should be grouped by job function.

11
Q

What is an IAM role?

A

Allows one service to access another within AWS

12
Q

By default, how many permissions does a user have?

A

User has no permissions by default

13
Q

What is the principle of least privilege?

A

Give a user the least amount of permission needed to do their job.

14
Q

What do you need in order to do SSO?

A

SAML with AD services for Identity Federation

15
Q

What does programmatic access give you?

A

Access key and secret. Can view only once.

16
Q

Can you use an access key and secret to log in to the AWS Console?

A

No, you would have to use username and password

17
Q

Do you have to wait for changes to permissions in a policy to take effect?

A

No, changes are immediate.

19
Q

Does an explicit deny always override an allow?

A

Yes

20
Q

Does an explicit deny always override an allow?

A

Yes, an explicit deny overrides allows in any other policy.

21
Q

Are all permissions implicitly denied?

A

Yes, unless an allow is explicitly granted.