IAM & AWS CLI

Question 1

IAM =

Answer 1

Identity And Access Management - Global service

Question 2

Do users have to belong to a group?

Answer 2

No. But it’s not best practice

Question 3

Should you use the root account that is created by default?

Answer 3

No.

Question 4

Users are people within your organization, and can be grouped. True or False.

Answer 4

True

Question 5

Groups can only contain users, not other groups?

Answer 5

True

Question 6

Users or Groups are assigned JSON documents called?

Answer 6

Policies

Question 7

What do policies do?

Answer 7

They define the permissions of the users

Question 8

What is the “least privilege principle”?

Answer 8

don’t give more permissions than a user needs

Question 9

How does a User inherit a policy?

Answer 9

Attach a policy to that user’s group.

Question 10

Who can an inline policy?

Answer 10

Individual users.

Question 11

Features:
- set a minimum password length
- Require specific character types:
- including uppercase letters
- lowercase letters, number, non-alphanumeric characters
- Allow IAM users to change their own passwords
- Require users to change their password after some time (password expiration)
- Prevent password re-user

Answer 11

Password policies that can be set.

Question 12

Three ways to access AWS?

Answer 12

• AWS Management Console (protected by password + MFA)
• AWS Command Line Interface (CLI): protected by access keys
• AWS Software Developer Kit (SDK) - for code: protected by access keys

Question 13

How are access keys generated?

Answer 13

Through the AWS Console

Question 14

How are keys managed?

Answer 14

By user

Question 15

What is AWS CLI?

Answer 15

A tool that allows you to interact with the AWS services using commands in your command-line shell.

Question 16

How can you get direct access to the public APIs of your AWS services

Answer 16

AWS CLI

Question 17

Where can you develop scripts to manage your resources?

Answer 17

AWS CLI

Question 18

What an alternative to using AWS CLI?

Answer 18

AWS Management Console

Question 19

AWS SDK =

Answer 19

AWS Software Development Kit

Question 20

What is the purpose of the AWS SDK?

Answer 20

Enables you to access and manage your AWS services programmatically

Question 21

What is embedded within your application?

Answer 21

AWS SDK

Question 22

What is AWS CloudShell?

Answer 22

Alternative to using the terminal

Question 23

What are IAM Roles?

Answer 23

Similar to IAM Users but specifically designed for AWS services to perform actions on your account, not for direct use by individuals.

Question 24

What is created to assign necessary permissions to AWS services, enabling them to act on your behalf within your AWS account.

Answer 24

IAM Roles

Question 25

What grants permissions to execute tasks within AWS.

Answer 25

IAM Roles

Question 26

What is IAM Credentials Report (account-level)

Answer 26

A report that lists all your account’s users and the status of their various credentials.

Question 27

IAM Access Advisor (user-level)

Answer 27

shows the service permissions granted to a user and when those services were last accessed

Question 28

What tool can you use to gather information to revise your policies?

Answer 28

IAM Access Advisor (user-level)

Question 29

Don’t use a root account except when you set up your AWS account?

Answer 29

True

Question 30

What should security be managed?

Answer 30

At the group level?

Question 31

How do you assign permissions to users?

Answer 31

Assign users to groups and assign permissions to groups

Question 32

How can audit account permissions?

Answer 32

IAM Credentials Reports & IAM Access Advisor

Question 33

What is the differences in responsibility between user and AWS?

Answer 33

AWS is responsible for all the infrastructure

User is responsible for how that infrastructure is used.