IAM & AWS CLI

Question 1

What is IAM and is it a regional or global service?

Answer 1

IAM (Identity and Access Management) is a global service.

Question 2

What is the root account, and should it be used?

Answer 2

It’s the account created by default with full access; should not be used regularly or shared.

Question 3

Can an IAM user be in multiple groups? Can groups contain other groups?

Answer 3

A user can be in multiple groups. Groups cannot contain other groups.

Question 4

What format are IAM policies written in?

Answer 4

JSON (JavaScript Object Notation)

Question 5

What are the key components of an IAM policy?

Answer 5

Version, Id, Statement (Sid, Effect, Principal, Action, Resource, Condition)

Question 6

What principle should always be followed when assigning permissions?

Answer 6

Least privilege – only give the permissions needed.

Question 7

What does the ‘Effect’ field in a policy do?

Answer 7

Specifies whether access is allowed or denied.

Question 8

What does MFA stand for and why is it important?

Answer 8

Multi-Factor Authentication – it adds an extra layer of security.

Question 9

Name 3 types of MFA devices supported by AWS.

Answer 9

• Virtual MFA app
• U2F Security Key
• Hardware MFA device

Question 10

What are best practices for passwords in IAM?

Answer 10

• Set length
• Include character types
• Expire passwords
• Prevent reuse

Question 11

What are three ways users can access AWS?

Answer 11

• Management Console
• AWS CLI
• AWS SDK

Question 12

What are access keys composed of?

Answer 12

Access Key ID (username) and Secret Access Key (password)

Question 13

What is the AWS CLI?

Answer 13

A tool to interact with AWS services via terminal/command-line.

Question 14

What is the AWS SDK used for?

Answer 14

Programmatic access to AWS services through code.

Question 15

What are IAM roles used for?

Answer 15

Grant temporary permissions to AWS services.

Question 16

Name three common IAM roles for AWS services.

Answer 16

• EC2 instance roles
• Lambda roles
• CloudFormation roles

Question 17

What is the IAM Credentials Report?

Answer 17

Account-level report showing user credentials and status.

Question 18

What does IAM Access Advisor show?

Answer 18

Services a user has access to and when they were last accessed.

Question 19

What should you do instead of using the root account regularly?

Answer 19

Create IAM users with least privilege and enable MFA.

Question 20

Should IAM users share access keys?

Answer 20

Never share IAM users or access keys.

Question 21

How often should access keys be rotated?

Answer 21

Regularly, as part of best practices.

Question 22

Under the shared responsibility model, what is AWS responsible for?

Answer 22

Infrastructure, hardware, network, global security.

Question 23

What are you (the customer) responsible for in IAM?

Answer 23

Managing users, roles, policies, enabling MFA, auditing.