IAM Identity and Access Management

Question 1

What does IAM stand for

Answer 1

Identity and Access Management, Global Service

Question 2

What account should not be used

Answer 2

The Root account

Question 3

When should you use the root account

Answer 3

When setting up your account

Question 4

What are users

Answer 4

People within your org. and can be grouped

Question 5

Can groups contain other groups?

Answer 5

No just users

Question 6

what is the version variable in a IAM policy

Answer 6

Details about the version of the policy, awlways include “2012-10-17”

Question 7

What is the id variable in the IAM policy structure

Answer 7

an identifier for the policy (optional)

Question 8

What is the statement in a IAM Policy structure

Answer 8

one or more individual statements (required)

Question 9

What is the SID in a statement of a IAM Policy Structure

Answer 9

an identifier for the statement (optional)

Question 10

What is the SID in a statement of a IAM Policy Structure

Answer 10

Whether the statement allows or denies access (Allow, Deny)

Question 11

What is the Principal in a statement of a IAM Policy Structure

Answer 11

account/user/role to which this policy applied to

Question 12

What is the Action in a statement of a IAM Policy Structure

Answer 12

List of actions this policy allows or denies

Question 13

What is the Resource in a statement of a IAM Policy Structure

Answer 13

List of resources to which the actions applied to

Question 14

What is the Condition in a statement of a IAM Policy Structure

Answer 14

Conditions for when this policy is in effect (optional)

Question 15

In AWS how can you setup a password policy

Answer 15

Requiring a minimum password length
Require specific character types like
-including uppercase letter
-lowercase letters
-numbers
-non-alphanumeric characters
Allow all IAM users to change their own passwords 
Require users to change passwords
Prevent password re-use

Question 16

What is the main benefit of MFA

Answer 16

If a password is stolen or hacked, the account is not compromised

Question 17

What is a Virtual MFA device

Answer 17

uses a software application to generate an authentication code.

Question 18

What are the two virtual MFA devices used for AWS

Answer 18

Google authenticator and Authy

Question 19

What is a universal 2nd factor (U2f) Security Key

Answer 19

A physical device that holds a security key

Question 20

What are the two MFA devices for aws

Answer 20

Hardware Key Fob MFA device and GOVCloud Hardware Key Fob

Question 21

What are the three ways to access AWS

Answer 21

Aws Management Console
AWS CLI
Aws Software Developer Kit

Question 22

How are Access Keys generated?

Answer 22

Through the AWS console

Question 23

What is the Access Key ID for

Answer 23

Username

Question 24

What is the secret Access Key for

Answer 24

password

Question 25

What is the AWS CLI

Answer 25

A tool that enables you to interact with AWS services using commands in your command-line shell

Question 26

Where can you develop scripts to manage your resources

Answer 26

in the AWS CLI

Question 27

What are common roles in AWS

Answer 27

EC2 Instance roles
Lambda Function Roles
Roles for CloudFormation

Question 28

What are IAM roles

Answer 28

is an IAM identity that you can create in your account that has specific permissions

Question 29

What are the two most common IAM Security Tools

Answer 29

IAM Credentials Report -

IAM Access Advisor

Question 30

What is the IAM Credentials Report

Answer 30

A report that lists all your accounts users and the status of their various credentials

Question 31

what is the IAM Access advisor

Answer 31

Shows the service permissions granted to a user and when those services were last accessed
You can use this information to revise your policies

Question 32

What are The IAM Guidelines and Best Practices

Answer 32

Dont use the root account except for AWS account setup
One physical user = One AWS user
Assign users to groups and assign permissions to groups
Create a strong password policy
Use and enforce the use of MFA
Create and use roles for giving permissions to AWS services
Use Access Keys for Programmatic Access (CLI/SDK)
Audit permissions of your account with the IAM Credentials Report
Never share IAM users and Access Keys

Question 33

What responsibilities does AWS have

Answer 33

Infrastructure (global network security)
Configuration and vulnerability analysis
Compliance validation

Question 34

What responsibilities do you have as a IAM user

Answer 34

Users, Groups, Roles, Policies management and monitoring
Enable MFA on all accounts
Rotate all your keys often
Use IAM tools to apply appropriate permissions
Analyze access patterns and review permissions

Question 35

What is a user

Answer 35

mapped to a physical user, has a password for AWS COnsole

Question 36

What are groups

Answer 36

Container for users only

Question 37

What are policies

Answer 37

JSON document that outlines permissionses for users or groups

Question 38

What are Roles for

Answer 38

EC2 instances or AWS services

Question 39

How do you implement Security

Answer 39

Security MFA + Password policy

Question 40

What is the AWS CLI

Answer 40

manages your aws services using the command line

Question 41

What is the AWS SDK

Answer 41

Manage your AWS services using a programming language

Question 42

What are Access Keys

Answer 42

Passwords that allows access AWS through the CLI or SDK

Question 43

What is an audit IAM

Answer 43

Credential Reports and IAM Access Advisor