IAM

Question 1

What is a User (IAM)?

Answer 1

A user is a physical user - has credentials to access the AWS console

Question 2

What is a Group (IAM)?

Answer 2

A group is a subset of users. It cannot contain other groups.

Question 3

What is a Policy (IAM)?

Answer 3

JSON document that outlines permissions for users or groups or roles.

Question 4

What are Roles (IAM)?

Answer 4

Outlines permissions for EC2 instances or other services.

Question 5

If you want to access AWS programmatically (using the CLI or SDK), what do you need to generate?

Answer 5

Access Keys = Access Key ID and Secret Password

Question 6

You want a report that lists all your account’s users and the status of their various credentials. What Security Tool would you use?

Answer 6

IAM Credentials Report

Question 7

You want to see the service permissions granted to a user and when those services were last accessed. What Security Tool would you use?

Answer 7

IAM Access Advisor

Question 8

True or False?

You should always use the root user account to access the AWS console.

Answer 8

False. You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For every day and administration tasks, use an IAM user with permissions.

Question 9

Under the shared responsibility model, what is the customer responsible for in IAM?

Answer 9

Customers are responsible for defining and using IAM policies.

Question 10

Which principle should you apply regarding IAM Permissions?

Answer 10

Grant least privilege.

Question 11

True or False?

You should enable MFA to increase your root account security.

Answer 11

True. You want to enable MFA in order to add a layer of security, so even if your password is stolen, lost or hacked your account is not compromised.