IAM & AWS CLI

Question 1

IAM stands for

Answer 1

Identity and Access Management

Question 2

Is IAM a global service? (Globally Resilient)

Answer 2

Yes

Question 3

Created automatically when creating a new AWS account

Answer 3

Root User

Question 4

Has full control of the AWS Account

Answer 4

Root User

Question 5

Bills to the AWS account payment method as they are consumed

Answer 5

Resources

Question 6

Best practice that adds an extra layer of protection on top of your user name and password

Answer 6

AWS Multi-Factor Authentication (MFA)

Question 7

Can the root User be restricted?

Answer 7

No

Question 8

Can be used by AWS services or for granting external access to your account

Answer 8

Roles

Question 9

Objects or documents which can be used to allow or deny access to AWS services when they are ATTACHED to groups, users, or roles

Answer 9

Policies

Question 10

Long term credentials in AWS

Answer 10

Access Keys

Question 11

policy created for a single IAM identity which has a strict one-to-one relationship to its associated IAM identity. Will be automatically deleted if you delete its associated identity.

Answer 11

Inline Policy

Question 12

Used for special or exceptional allows or denies

Answer 12

Inline Policy

Question 13

Remains unchanged even if you delete its associated IAM identity, It doesn’t have a strict one-to-one relationship to its associated IAM identity

Answer 13

Standalone Policy

Question 14

First priority when evaluating policy logic

Answer 14

Explicit Denies

Question 15

Used by an unknown number of principals on a temporary basis that represents the level of access in an AWS Account

Answer 15

IAM Role

Question 16

Using an external identity provider and giving the external identities roles to perform actions

Answer 16

ID Federation

Question 17

Predefined IAM Role that is linked to a specific AWS Service

Answer 17

Service-linked roles

Question 18

Max IAM users per account

Answer 18

5000

Question 19

Manage your AWS services using the command-line

Answer 19

AWS CLI

Question 20

Manage your AWS services using a programming language

Answer 20

AWS SDK

Question 21

Used to audit permissions of your account

Answer 21

IAM Credentials Report & IAM Access Advisor

Question 22

Practice of not give more permissions than a user needs

Answer 22

Principle of Least Privilege

Question 23

Short-lived access tokens that act as temporary security credentials to allow access to your AWS resources

Answer 23

AWS Security Token Service (AWS STS)

Question 24

Policies you attach to IAM Users, Groups and Roles

Answer 24

Identity-based policies

Question 25

Policies that you attach to AWS services that support this type of policy, such as Amazon S3 buckets

Answer 25

Resource-based policies

Question 26

Element of a policy that specifies which IAM identities can access that resource

Answer 26

Principal element

Question 27

Term that refers to the process where principal proves their identity

Answer 27

Authenticate

Question 28

Term to allow or deny access to resources

Answer 28

Authorize

Question 29

Used when the identity store which is currently being used is not compatible with SAML

Answer 29

Custom identity broker application + STS to obtain temporary security credentials