IAM Flashcards

1
Q

Which statement best describes IAM?

IAM allows you to manage permissions for AWS resources only.

IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.

IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.

IAM allows you to manage users’ passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.

A

IAM allows you to manage users, groups, and roles and their corresponding level of access to the AWS Platform.

2
Q

SAML stands for Security Assertion Markup Language.

True or False?

A

True

3
Q

Which of the following is NOT a feature of IAM?

Integrates with existing Active Directory accounts, allowing single sign-on

Fine-grained access control to AWS resources

Allows you to set up biometric authentication, so that no passwords are required

Centralised control of your AWS account

A

Allows you to set up biometric authentication, so that no passwords are required

4
Q

When using Active Directory to authenticate to AWS, which of the following answers contains the correct steps, in the correct order?

The user navigates to the AWS console. The user enters their Active Directory single sign-on credentials into AWS. The user’s web browser receives a SAML assertion from AWS. The user is then able to access the AWS Console.

The user navigates to the ADFS web server. The user enters their single sign-on credentials. The user’s web browser receives a SAML assertion from the AD server. The user’s browser then posts the SAML assertion to the AWS SAML endpoint, and the AssumeRoleWithSAML API request is used to request temporary security credentials. The user is then able to access the AWS Console.

Federating with Active Directory is not possible with AWS.

The user navigates to the ADFS web server. The user enters their single sign-on credentials. The user’s web browser receives a SAML assertion from the AD server. The user’s browser then posts the SAML assertion to the AWS SAML endpoint, and the GiveUserSAMLAccess API request is used to request temporary security credentials. The user is then able to access the AWS Console.

A

The user navigates to the ADFS web server. The user enters their single sign-on credentials. The user’s web browser receives a SAML assertion from the AD server. The user’s browser then posts the SAML assertion to the AWS SAML endpoint, and the AssumeRoleWithSAML API request is used to request temporary security credentials. The user is then able to access the AWS Console.

5
Q

What is the name of the API call used to request temporary security credentials from the AWS platform when federating with Active Directory?

GetSAMLRole

CovertRoleToSAML

ShowMeTheSAML

AssumeRoleWithSAML

A

AssumeRoleWithSAML

6
Q

What is the name of the service that allows users to use their social media account to gain temporary access to the AWS platform?

Web Identity Federation

Active Directory Authentication Services

Facebook Sign In Service

Web Confederation Services

A

Web Identity Federation

7
Q

When using Web Identity Federation to allow a user to access an AWS service (such as an S3 bucket), which of the following is the correct order of steps?

A user makes the AssumeRoleWithWebIdentity API call. The user is then redirected to Facebook to authenticate. Once authenticated, the user is given an ID token. The user is then granted temporary access to the AWS platform.

A user logs in to the AWS platform using their Facebook credentials. AWS authenticates with Facebook to check the credentials. Temporary Security Access is granted to AWS.

Users cannot use Facebook credentials to access the AWS platform.

A user authenticates with Facebook first. They are then given an ID token by Facebook. An API call, AssumeRoleWithWebIdentity, is then used in conjunction with the ID token. A user is then granted temporary security credentials.

A

A user authenticates with Facebook first. They are then given an ID token by Facebook. An API call, AssumeRoleWithWebIdentity, is then used in conjunction with the ID token. A user is then granted temporary security credentials.

8
Q

AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).

True or False?

A

False

9
Q

The AWS sign-in endpoint for SAML is https://signin.aws.amazon.com/saml.

True or False?

A

True

10
Q

When authenticating using Web Identity Federation, which of the following is the API call used to obtain temporary security credentials?

AssumeRole

GetRoleWithWebIdentity

GetRole

AssumeRoleWithWebIdentity

A

AssumeRoleWithWebIdentity
