IAM & AWS CLI

Question 1

What is a proper definition of an IAM Role?

Answer 1

An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

Question 2

Which of the following is an IAM Security Tool?
* IAM Credentials Report
* IAM Root Account Manager
* IAM Service Report
* IAM Security Advisor

Answer 2

IAM Credentials Report

Question 3

IAM users should access AWS services using root account credentials? True or False?

Answer 3

false

Question 4

What are IAM Policies?

Answer 4

JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles

Question 5

Which principle should you apply regarding IAM Permissions?

Answer 5

Grant least privilege.
Least privilege is a principle of granting only the permissions required to complete a task.

Question 6

What should you do to increase your root account security?

Answer 6

Enable Multi-Factor Authentication (MFA)

Question 7

IAM User Groups can contain IAM Users and other User Groups. True or False?

Answer 7

Flase

IAM User Groups can contain only IAM Users.

Question 8

IAM Policy consists of?

Answer 8

A statement in an IAM Policy consists of Sid, Effect, Principal, Action, Resource, and Condition. Version is part of the IAM Policy itself, not the statement.

Question 9

According to the AWS Shared Responsibility Model, which of the following is AWS responsibility?

Answer 9

AWS Infrastructure

Question 10

What is the command to list the AWS CLI commands for AWS Identity and Access Management (IAM) and how can you access the features of IAM using the AWS CLI?

Answer 10

aws iam help

Question 11

What is IAM?

Answer 11

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Question 12

What are access credentials in AWS?

Answer 12

Credentials identify who is calling the API. Access credentials are used to encrypt the request to the AWS servers to confirm your identity and retrieve associated permissions policies. These permissions determine the actions you can perform

Question 13

What are profiles and how are they used to organize the config and credentials files into named collections of settings?

Answer 13

The config and credentials files are organized into sections named profiles. A profile is a named collection of settings, and continues until another profile definition line is encountered. Multiple profiles can be stored in the config and credentials files.

Each profile can specify different credentials and can also specify different AWS Regions and output formats.

Question 14

What are environment variables for the AWS CLI?

Answer 14

Environment variables provide another way to specify configuration options and credentials, and can be useful for scripting or temporarily setting a named profile as the default.

Question 15

What is the AWS Command Line Interface?

Answer 15

The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell. With minimal configuration, the AWS CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based AWS Management Console from the command prompt in your terminal program

Question 16

What are IAM user groups?

Answer 16

An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a user group called Admins and give that user group typical administrator permissions.

Question 17

What is an IAM policy?

Answer 17

An IAM policy is a way to allow or deny users to perform certain actions in an AWS account. When a user or a role is created, by default they only have permission to login. They cannot view, modify, or create any new resources. IAM policies are used to grant additional permissions.

Question 18

What is an IAM role?

Answer 18

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

Question 19

What are the differences between AWS Roles, Policies, Profiles, Users and User Groups?

Answer 19

AWS roles define a set of permissions for making AWS service requests, policies define permissions for accessing AWS resources, profiles are collections of settings and credentials, users are identities that interact with AWS services, and user groups are collections of users with the same permissions.