IAM

Question 1

What does IAM stand for?

Answer 1

Identity and Access Management

Question 2

What do IAM Groups contain

Answer 2

Groups only contain Users

Question 3

Can Groups contain other groups?

Answer 3

No, only Users in Groups

Question 4

What does a Policy do?

Answer 4

It defines the permissions being given to the User

Question 5

What is the IAM best practice when assigning permissions?

Answer 5

Assign the least privilege

Question 6

What 3 properties does an IAM policy have?

Answer 6

• Version
• Id
• Statement

Question 7

What 6 properties does an IAM policy Statement have?

Answer 7

• Sid
• Effect (Allow/Deny)
• Principal (Account/User/Role the Policy applies to)
• Action (List of Actions this policy allows/denies)
• Resource (List of resources the actions are allowed on)
• Condition (Conditions for when this policy takes effect)

Question 8

What does MFA stand for?

Answer 8

Multi Factor Authentication

Question 9

What makes up MFA?

Answer 9

A Password you know and a security device you own

Question 10

What are the 4 MFA options in AWS?

Answer 10

• Virtual MFA Device (Google Auth/Authy)
• Universal 2nd Factor (U2F) Security Key provided by third party Yubikey
• Hardware Key Fob MFA Device (Gemalto)
• Hardware Key Fob for AWS GovCloud (SurePassId)

Question 11

What are the 2 IAM Security Tools available?

Answer 11

• IAM Credentials Report

- IAM Access Advisor

Question 12

Which IAM Security Tool is at the Account level?

Answer 12

IAM Credentials Report lists all your account’s users and the status of their various credentials

Question 13

Which IAM Security Tool is at the User level?

Answer 13

IAM Access Advisor shows the service permissions granted to a user and when those services were last used