iam & cli

Question 1

What does IAM stand for?

Answer 1

Identity and Access Management

Question 2

is IAM a global or region service?

Answer 2

global

Question 3

what is the root account?

Answer 3

created by default, shouldn’t be used or shared

Question 4

what are users in IAM?

Answer 4

are people within your organization, and can be grouped

Question 5

what do groups in IAM contain?

Answer 5

only contain users, not other groups

Question 6

T/F: Users must belong to groups

Answer 6

False

Question 7

T/F: Users can belong to multiple groups

Answer 7

True

Question 8

For IAM Permissions, what are the policies?

Answer 8

JSON documents that define permissions for users or groups

Question 9

Who can be assigned the policies?

Answer 9

users or groups

Question 10

what are inline policies?

Answer 10

policies assigned to a single user

Question 11

what is the least privilege principle?

Answer 11

don’t give more permissions than a user/group

needs

Question 12

What do IAM policy structure consist of ?

Answer 12

Version, Id, Statement

Question 13

What is the Version in IAM policy structure?

Answer 13

policy language version, always include “2012-10-17”

Question 14

What is the Id in IAM policy structure?

Answer 14

an identifier for the policy (optional)

Question 15

What is the Statement in IAM policy structure?

Answer 15

one or more individual statements (required)

Question 16

What do IAM policy structure Statements consist of ?

Answer 16

Sid, Effect, Principal, Action, Resource, Condition

Question 17

what is the Sid for statements?

Answer 17

an identifier for the statement (optional)

Question 18

What is the Effect in the statement?

Answer 18

whether the statement allows or denies access

Allow, Deny

Question 19

What is the Principal in the statement?

Answer 19

account/user/role to which this policy applied to

Question 20

What is the Action in the statement?

Answer 20

list of actions this policy allows or denies

Question 21

What is the Resource in the statement?

Answer 21

list of resources to which the actions applied to

Question 22

What is the Condition in the statement?

Answer 22

conditions for when this policy is in effect

optional

Question 23

strong passwords result in

Answer 23

higher security

Question 24

what can you set up in password policy?

Answer 24

Set a minimum password length
• Require specific character types:
• including uppercase letters
• lowercase letters
• numbers
• non-alphanumeric characters
• Allow all IAM users to change their own passwords
• Require users to change their password after some time (password expiration)
• Prevent password re-use

Question 25

What is MFA in aws iam?

Answer 25

password you know and device you know

Question 26

what do you want to protect with MFA?

Answer 26

root account and iam users

Question 27

what is the main benefit of mfa?

Answer 27

if a password is stolen or hacked, the account is not compromised

Question 28

what are the 3 ways to access AWS

Answer 28

AWS Management console
AWS CLI
AWS SDK

Question 29

what do you need to log in to aws with cli and sdk?

Answer 29

access keys

Question 30

access key id is like the

Answer 30

username

Question 31

secret access key is like the

Answer 31

password

Question 32

what is the aws cli?

Answer 32

open-source tool that enables you interact with aws services using commands in your own cli shell

Question 33

aws cli provides direct access to what?

Answer 33

public apis of aws servies

Question 34

what can you develop with aws cli to manage your resources?

Answer 34

scripts

Question 35

what does aws sdk stand for?

Answer 35

AWS Softwre Development Kit

Question 36

what is aws sdk?

Answer 36

language-spec apis that enables you to access and manage AWS services programatically that can be embeded within your app

Question 37

what languages do aws sdk support

Answer 37

JS, py, PHP, .net, ruby, java, go, nodeJS,c++, mobile sdks, ioT device

Question 38

what are IAM Roles?

Answer 38

aws services you need to perform actions on your behalf to other aws services using permissions

Question 39

what are common IAM roles?

Answer 39

EC2 instance roles, lambda function roles, and role for cloudformation

Question 40

What is IAM credentials report?

Answer 40

report that lists all your account’s users and the status of their various credentials

Question 41

What is IAM Access Advisor ?

Answer 41

Access advisor shows the service permissions granted to a user and when those services were last accessed

Question 42

What level is IAM credentials report?

Answer 42

acct level

Question 43

what level is iam access advisor?

Answer 43

user-level

Question 44

what can you use iam access advisor information for/

Answer 44

revise your policies

Question 45

T/F: Dont use the root acct except for AWS acct set up

Answer 45

T

Question 46

One phyiscal user =

Answer 46

1 aws user

Question 47

What is the best practice for assigning users ?

Answer 47

assign users to groups

Question 48

What is the best practice for assigning permissions?

Answer 48

assign permissions to groups

Question 49

T/F: create strong password policy

Answer 49

T

Question 50

T/F: Use and enforce use of MFA

Answer 50

T

Question 51

What do you create and use roles for?

Answer 51

giving permissions to AWS services

Question 52

what do you use Access Keys for?

Answer 52

Programmatic Access (CLI/SDK)

Question 53

how do you audit permissions of acct ?

Answer 53

IAM Credentials Report

Question 54

What should never be shared?

Answer 54

IAM Users & Access Keys

Question 55

what is the Shared Responsibiltiy Model for IAM?

Answer 55

what AWS handles and what the AWS acct owner handles for respons

Question 56

In the Shared Responsibiltiy Model for IAM, what does AWS handle?

Answer 56

Infrastructure (global networkk security), Configuration and vulnerability analysis, and compliance validation

Question 57

In the Shared Responsibiltiy Model for IAM, what does account owner handle?

Answer 57

Users, Groups, Roles, Policies management and monitoring; enable mfa for all accts; rotate keys often; use IAM tools to apply appropriate permissions; analyze access patterns and review permissions

Question 58

Users are maped to

Answer 58

a phyiscal user and has a password for AWS console

Question 59

Groups contain only

Answer 59

users

Question 60

Policies are JSON docs that outlines

Answer 60

permissions for users or groups

Question 61

Roles

Answer 61

for ec2 instances or aws services

Question 62

security

Answer 62

mfa + strong password policy

Question 63

access keys

Answer 63

access aws using cli or sdk

Question 64

audit

Answer 64

iam cred report or iam access advisor