IAM

Question 1

What are IAM components?

There are 4 elements in the list

Answer 1

• Groups
• Users
• Roles
• Policies

Question 2

IAM policies use which file format?

Answer 2

JSON

Question 3

In IAM, A policy that is directly attached to an individual user is called what?

Answer 3

Inline Policy

Question 4

In IAM, How to apply permissions to multiple AWS users?

Answer 4

IAM Groups

Question 5

What are the three types of IAM Policies?

Answer 5

Managed Policies
A policy which is managed by AWS, which you cannot edit. Managed policies are labeled with an orange box.

Customer Managed Policies
A policy created by the customer which is editable. Customer policies have no symbol beside them.

Inline Policies
A policy which is directly attached to the user.

Question 6

In IAM, Which policy element identifies the user or role that the policy applies to?

Answer 6

Principal

Question 7

Which policy element determines if the policy will Allow or Deny permissions?

Answer 7

Effect

Question 8

In IAM, what are some elements you can find in a policy structure?

There are 8 elements in the list

Answer 8

• Version policy language version. 2012-10-17 is the latest version.
• Statement container for the policy element you are allowed to have multiples
• Sid (optional) a way of labeling your statements.
• Effect Set whether the policy will Allow or Deny
• Principal account, user, role, or federated user to which you would like to allow or deny access
• Action list of actions that the policy allows or denies
• Resource the resource to which the action(s) applies
• Condition (optional) circumstances under which the policy grants permission

Question 9

Which are some options in an IAM password policy?

There are 8 elements in the list

Answer 9

• Uppercase letter
• Lowercase letter
• Number
• Symbol
• Allowed change its own password
• Password Expiration (days)
• Prevent reuse (Number of past passwords)
• Administration reset when it expires

Question 10

You can use this in IAM to set minimum requirements for passwords, or rotate user passwords on a schedule

Answer 10

Password Policy

Question 11

In IAM, How many access keys are allowed per user?

Answer 11

2

Question 12

You can download your IAM access keys in which file format?

Answer 12

CSV

Question 13

The 2 components of an IAM access key

Answer 13

• Access Key ID

- Secret Access Key

Question 14

In IAM, The practice of requiring a second method of verification on-top of your regular password is called…

Answer 14

Multi-Factor Authentication (MFA)

Question 15

In IAM, Can the Administrator account create a policy requiring MFA to access certain resources?

Answer 15

True

The user has to turn on MFA themselves, Administrator cannot directly enforce users to have MFA.

Question 16

In IAM, Which AWS service provides the permissions for Cross-Account roles to be assumed?

• krɒs əˈkaʊnt
• əˈsumd

Answer 16

Security Token Service (STS)

Question 17

True or False, cross-account roles let you grant resource access to other users who do not have an account specific IAM login to your account.

• krɒs əˈkaʊnt
• grænt

Answer 17

True

Question 18

This special kind of IAM role allows granting access to your AWS resources for someone in a different AWS account

ˈgræntɪŋ

Answer 18

Cross-Account Roles

krɔs əˈkaʊnt roʊlz

Question 19

Which API actions can be used to obtain credentials via STS? (The first 3 elements)

ˈviə

Answer 19

• AssumeRoleWithWebIdentity
• AssumeRole
• AssumeRoleWithSAML

əˈsum roʊl wɪð wɛb aɪˈdɛntəti

Question 20

This AWS service allows you to programmatically provide users with a temporary set of credentials to access limited AWS resources

Answer 20

Security Token Service (STS)

Question 21

In IAM, Which common protocol does web identity federation generally adhere to?

ədˈhɪr

Answer 21

OpenID Connect (OICD) 2.0

Question 22

What would be one example of Enterprise Identity Federation?

Answer 22

• SAML (Microsoft Active Directory Integration)

Question 23

In IAM, This method of authentication allows you to authenticate your users with an external 3rd party service

Answer 23

Identity Federation

Question 24

In IAM, What is the first step for authentication when using AssumeRoleWithWebIdentity?

“Assume Role With Web Identity”

Answer 24

Authenticating with the external identity provider

Question 25

In IAM, What is returned from the web identity provider during authentication that is then used to grant temporary credentials to the user?

Answer 25

Json Web Token (JWT)

Question 26

In IAM, What are the 6 steps to get Temporary Credentials Using AssumeRoleWithWebIdentity?

Answer 26

• The Developer authenticates on Facebook trough OAuth 2.0
• Facebook returns a JWT
• The Developer uses the CLI and calls the AssumeRoleWithWebIdentity passing along the JWT
• The STS services returns the temporary credentials
• The Developer uses those credentials to access to resources

Question 27

What is IAM?

What are its 5 components?

Answer 27

• Manage access to AWS services and resources securely
• IAM Identities (User, groups, roles)
• IAM policies (Managed, Customer Managed, Inline)
• STS
• Cross Account Roles
• Password policies

Question 28

The manager wants to grant access to user-specific folders in an Amazon S3 bucket s3:xx/cperez, s3:xx/igarcia

Instead of creating distinct policies for each team member, what approach can be used to make this policy snippet generic for all team members?

Answer 28

Use IAM policy variables