IAM

Question 1

IAM is a global service. True or false?

Answer 1

True

Question 2

It is best practise to assign a user to a group. And not to assign individual permissions to the user. True or false?

Answer 2

True

Question 3

What is a user in IAM?

Answer 3

An object created to represent an identify. It could be an actual person, or it could be an account user by the app.

Question 4

Can IAM users be created via command line?

Answer 4

Yes

Question 5

What’s the size and type of string used for an IAM access key?

Answer 5

20 character, alphanumeric.

Question 6

True or false. You can recover a lost secret access key?

Answer 6

False. Once it’s gone, it’s gone!

Question 7

How many groups can a user be part of?

Answer 7

10

Question 8

Default group limit per AWS account?

Answer 8

200

Question 9

IAM secret access keys. How long are they?

Answer 9

40 characters.

Question 10

What format are IAM policies in?

Answer 10

JSON

Question 11

In the context of an IAM policy. What is an SID?

Answer 11

Statement Identity. It’s unique to the policy.

Question 12

What are the two types of managed IAM policies?

Answer 12

Managed Policies

Inline Policies

Question 13

There are two types of IAM managed policies.

Answer 13

AWS managed policies

Customer managed policies

Question 14

Explain IAM inline policies

Answer 14

Policies that attach directly to an IAM project

Question 15

What happens if you have conflicting IAM inline policies. One policy allows access to a resource, another denies it.

Answer 15

Access will be denied.

Question 16

What is IAM identity federation?

Answer 16

Allows you to access resources, even if you don’t have an IAM account

Question 17

What does idP mean?

Answer 17

Identity Provider

Question 18

How does identify federation grant access?

Answer 18

Either via OpenID or SAML2

Question 19

What does STS mean?

Answer 19

Secure token service

Question 20

You need to apply a password policy to your AWS account. How do you do this?

Answer 20

IAM account settings

Question 21

You need to prove your AWS account is compliant, with your companies password policy. How might you do this?

Answer 21

Run off a credential report from IAM.

Question 22

How often does the IAM credential report update?

Answer 22

Every four hours.

Question 23

In IAM, does the order in which policies are evaluated effect the outcome?

Answer 23

No.

Question 24

True or false. In IAM, all requests are allowed by default.

Answer 24

False.

Question 25

In IAM, is a policy explicitly denies a request. Can it is be over-ridden?

Answer 25

No

Question 26

Name to IAM best practised for providing an additional layer of protection for user identify verification

Answer 26

Strong password policies

2FA

Question 27

True or false. IAM roles should always be favoured over access keys.

Answer 27

True

Question 28

Are roles considered temporary?

Answer 28

Yes