IAM

Question 1

How to choose an AWS Region? (4) (CAPP)

Answer 1

Compliance, Available services, Proximity, Pricing

Question 2

data never leaves a region without your explicit permission (How to choose an AWS Region?)

Answer 2

Compliance with data governance and legal requirements

Question 3

reduced latency (How to choose an AWS Region?)

Answer 3

Proximity to customers

Question 4

new services and new features aren’t available in every Region (How to choose an AWS Region?)

Answer 4

Available services within a Region

Question 5

pricing varies region to region and is transparent in the service pricing page (How to choose an AWS Region?)

Answer 5

Pricing

Question 6

What does IAM stand for?

Answer 6

Identity and Access Management

Question 7

What type of service is IAM

Answer 7

Global

Question 8

IAM Policies Structure consist of _____? (3) (VIS)

Answer 8

Version, Id, Statement

Question 9

IAM Policies Structure - policy language version, always include“2012-10- 17”

Answer 9

Version

Question 10

IAM Policies Structure - identifier for the policy (optional)

Answer 10

Id

Question 11

IAM Policies Structure - you can have one or more (required)

Answer 11

Statements

Question 12

IAM Policies Structure Statements consists of _____? (6) (SPEARC)

Answer 12

Sid, Principal, Effect, Action, Resource, Condition

Question 13

IAM Policies Structure Statements - whether the statement allows or denies access (Allow, Deny)

Answer 13

Effect

Question 14

IAM Policies Structure Statements - account/user/role to which this policy applied to

Answer 14

Principal

Question 15

IAM Policies Structure Statements - list of ________ this policy allows or denies

Answer 15

Action

Question 16

IAM Policies Structure Statements - a list to which the actions applied to

Answer 16

Resource

Question 17

IAM Policies Structure Statements - an identifier for the statement (optional)

Answer 17

Sid

Question 18

IAM Policies Structure Statements - when this policy is in effect (optional)

Answer 18

Condition

Question 19

What does MFA stand for?

Answer 19

Multi factor Authentication

Question 21

MFA devices options in AWS? (4)

Answer 21

Virtual MFA device
Universal 2nd Factor (U2F) Security Key
Hardware Key Fob MFA Device
Hardware Key Fob MFA Device for AWS GovCloud (US)

Question 21

What does SDK stand for?

Answer 21

Software Development Kit

Question 22

2 IAM Security Tools that help monitor users

Answer 22

IAM Credentials Report (account-level)
IAM Access Advisor (user-level)

Question 23

• Shows the service permissions granted to a user and when those services were last accessed.
• You can use this information to revise your policies.

Answer 23

IAM Access Advisor (user-level)

Question 24

A report that lists all your account’s users and the status of their various credentials

Answer 24

IAM Credentials Report (account-level)

Question 25

mapped to a physical user, has a password for AWS Console

Answer 25

Users

Question 26

contains users only

Answer 26

Groups

Question 27

JSON document that outlines permissions for users or groups

Answer 27

Policies

Question 28

for EC2 instances or AWS services

Answer 28

Roles

Question 29

MFA + Password Policy

Answer 29

Security

Question 30

manage your AWS services using the command-line

Answer 30

AWS CLI

Question 31

manage your AWS services using a programming language

Answer 31

AWS SDK

Question 32

access AWS using the CLI or SDK

Answer 32

Access Keys

Question 33

IAM Credential Reports & IAM Access Advisor

Answer 33

Audit