IAM & AWS CLI

Question 1

What is the proper definition of an IAM role?

Answer 1

An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

Question 2

What IAM security tool lists all of your AWS Account’s IAM Users and the status of their various credentials?

Answer 2

IAM Credentials Report

Question 3

What do you call JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles?

Answer 3

IAM Policies

Question 4

What principle should you apply regarding IAM Permissions?

Answer 4

Grant least privilege

Question 5

What should you do to increase your root account security?

Answer 5

Enable Multi-Factor Authentication (MFA)

Question 6

______________ is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources.

Answer 6

AWS Security Token Service (STS)

Question 7

___________ helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. It is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type, but not for generating tokens.

Answer 7

AWS IAM Identity Center

Question 8

____________ helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards.

Answer 8

AWS Audit Manager

Question 9

_____________ primary purpose is to analyze and visualize security data to rapidly get to the root cause of potential security issues.

Answer 9

Amazon Detective

Question 10

___________ can generate findings based on suspicious activities such as requests coming from known malicious IP addresses, changing of bucket policies/ACLs to expose an S3 bucket publicly, or suspicious API call patterns that attempt to discover misconfigured bucket permissions.

Answer 10

Amazon GuardDuty

Question 11

___________ is simply a service that can identify the objects, people, text, scenes, and activities on your images or videos, as well as detect any inappropriate content.

Answer 11

Amazon Rekognition

Question 12

_____________ can track API calls for your account, including calls made by the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

Answer 12

AWS CloudTrail

Question 13

While AWS IAM Identity Center can integrate with external identity providers, it primarily supports?

Answer 13

SAML 2.0-based identity providers

Question 14

AWS account ______________ is a single sign-in identity that has complete access to all AWS services and resources in the account.

Answer 14

Root user

Question 15

To authenticate from the console as a user, you must?

Answer 15

Sign in with your user name and password.

Question 16

To authenticate from the API or AWS CLI, you must?

Answer 16

Provide your access key and secret key.

Question 17

Instead of sharing your user root credentials with others, you can create individual ____________ within your account that correspond to users in your organization.

Answer 17

IAM users

Question 18

By default, a brand new IAM user has?

Answer 18

No permissions to do anything

Question 19

If the users in your organization already have a way to be authenticated, you can __________ those user identities into AWS.

Answer 19

Federate

Question 20

What Assume Role Option returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to? Typically used within your account or for cross-account access.

Answer 20

AssumeRole