IAM - Identity and Access Management Flashcards

1
Q

What is a proper definition of IAM Roles?

a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services
b) IAM Users in multiple Groups
c) A password policy
d) Permissions assigned to Users to perform actions

A

a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services

Some AWS service will need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following is an IAM Security Tool?

a) IAM Credentials Report
b) IAM Root Account Manager
c) IAM Services Report
d) IAM Security Advisor

A

a) IAM Credentials Report

IAM Credentials report lists all your account’s users and the status of their various credentials. The other IAM Security Tool is IAM Access Advisor. It shows the service permissions granted to a user and when those services were last accessed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which answer is INCORRECT regarding IAM Users?

a) IAM Users can belong to multiple groups
b) IAM Users don’t have to belong to a group
c) IAM Users can have policies assigned to them
c) IAM Users access AWS with the root account credentials

A

c) IAM Users access AWS with the root account credentials

IAM Users access AWS using a username and a password.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following is an IAM best practice?

a) Don’t use the root user account
b) Create several users for a physical person
c) Share credentials so a colleague can perform a task for you
d) Do not enable MFA for easier access

A

a) Don’t use the root user account

You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For every day and administration tasks, use an IAM user with permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are IAM Policies?

a) AWS services to perform actions
b) JSON documents to define Users, Groups, or Roles’ permissions
c) Rules to set up a password for IAM

A

b) JSON documents to define Users, Groups, or Roles’ permissions

An IAM policy is an entity that, when attached to an identity or resource, defines their permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Under the shared responsibility model, what is the customer responsible for in IAM?

a) Infrastructure security
b) Compliance validation
c) Configuration and vulnerability analysis
d) Assigning users proper IAM Policies

A

d) Assigning users proper IAM Policies

Customers are responsible for defining and using IAM policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which principle should you apply regarding IAM Permissions?

a) Grant most privilege
b) Grant the least privilege
c) Grant permissions if your employee asks to
d) Restrict root account permissions

A

b) Grant the least privilege

That’s right! Don’t give more permissions than the user needs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the IAM security tools that are available for auditing and what are they used for?

A
  • The IAM Credentials Report (account-level)
    Used for listing all the customer’s account users and the status of their various credentials.
  • The IAM Access Advisor(user-level)
    Used to show the service permissions granted to users and also shows when those services were last accessed.
    With this customers can revise policies based on the least-privilege principle.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can users access AWS?

A

To access AWS, you have three options:
• AWS Management Console (protected by password + MFA)
• AWS Command Line Interface (CLI): protected by access keys
• AWS Software Developer Kit (SDK) - for code: protected by access keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What’s the AWS CLI?

A

A tool that enables you to interact with AWS services using commands in your command-line shell

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What’s the AWS SDK?

A

AWS Software Development Kit (AWS SDK)
• Language-specific APIs (set of libraries)
• Enables you to access and manage AWS services
programmatically
• Embedded within your application
• Supports
• SDKs (JavaScript, Python, PHP, .NET, Ruby, Java, Go,
Node.js, C++)
• Mobile SDKs (Android, iOS, …)
• IoT Device SDKs (Embedded C, Arduino, …)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly