IAM and CLI

Question 1

What is a proper definition of an IAM Role?

A. IAM Users in multiple User Groups
B. An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service
C. An IAM entity that defines a password policy for IAM users
D. Permissions assigned to IAM Users to perform actions

Answer 1

B. An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

Some AWS services need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.

Question 2

Which of the following is an IAM Security Tool?

A. IAM Credentials Report
B. IAM Root Account Manager
C. IAM Services Report
D. IAM Security Advisor

Answer 2

A. IAM Credentials Report

IAM Credentials report lists all your AWS Account’s IAM Users and the status of their various credentials.

Question 3

Which answer is INCORRECT regarding IAM Users?

A. IAM Users can belong to multiple User Groups
B. IAM Users don’t have to belong to a User Group
C. IAM Policies can be attached directly to IAM Users
D. IAM Users access AWS services using root account credentials

Answer 3

D. IAM Users access AWS services using root account credentials

IAM Users access AWS services using their own credentials (username & password or Access Keys).

Question 4

Which of the following is an IAM best practice?

A. Create several IAM Users for one physical person
B. Share your AWS account credentials with your colleague so he can perform a task for you
C. Don’t use the root user account
D. Do not enable MFA for easier access

Answer 4

C. Don’t use the root user account

Use the root account only to create your first IAM User and a few account/service management tasks. For everyday tasks, use an IAM User.

Question 5

What are IAM Policies?

A. A set of policies defines how AWS accounts interact with each other
B. JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles
C. A set of policies that define a password for IAM users
D. A set of policies defined by AWS that show how customers interact with AWS

Answer 5

B. JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles

Question 6

Which principle should you apply regarding IAM Permissions?

A. Grant least privilege
B. Grant most privilege
C. Grant more permissions if your employee asks you to
D. Restrict root account permissions

Answer 6

A. Grant least privilege

Question 7

What should you do to increase your root account security?

A. Remove permissions from the root account
B. Only access AWS services through AWS Command Line Interface
C. Enable Multi-Factor Authentication
D. Don’t create IAM Users, only access your AWS account using the root account.

Answer 7

C. Enable Multi-Factor Authentication

When you enable MFA, this adds another layer of security. Even if your password is stolen, lost, or hacked your account is not compromised.

Question 8

IAM User Groups can contain IAM Users and other User Groups.

A. True
B. False

Answer 8

B. False

IAM User Groups can contain only IAM Users.

Question 9

An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following, EXCEPT:

A. Effect
B. Principal
C. Version
D. Action
F. Resource

Answer 9

C. Version

A statement in an IAM Policy consists of Sid, Effect, Principal, Action, Resource, and Condition. Version is part of the IAM Policy itself, not the statement.

Question 10

According to the AWS Shared Responsibility Model, which of the following is AWS responsibility?

A. Rotate Access Key for IAM Users
B. Enable MFA for the root account and all IAM Users
C. IAM Users, User Groups, and IAM Policies
D. AWS infrastructure

Answer 10

D. AWS infrastructure