IAM- Identity and Access Management

Question 1

What is a proper definition of IAM Roles?

a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services
b) IAM Users in multiple Groups
c) A password policy
d) Permissions assigned to Users to perform actions

Answer 1

a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services

Some AWS service will need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.

Question 2

Which of the following is an IAM Security Tool?

a) IAM Credentials Report
b) IAM Root Account Manager
c) IAM Services Report
d) IAM Security Advisor

Answer 2

a) IAM Credentials Report

IAM Credentials report lists all your account’s users and the status of their various credentials. The other IAM Security Tool is IAM Access Advisor. It shows the service permissions granted to a user and when those services were last accessed.

Question 3

Which answer is INCORRECT regarding IAM Users?

a) IAM Users can belong to multiple groups
b) IAM Users don’t have to belong to a group
c) IAM Users can have policies assigned to them
c) IAM Users access AWS with the root account credentials

Answer 3

c) IAM Users access AWS with the root account credentials

IAM Users access AWS using a username and a password.

Question 4

Which of the following is an IAM best practice?

a) Don’t use the root user account
b) Create several users for a physical person
c) Share credentials so a colleague can perform a task for you
d) Do not enable MFA for easier access

Answer 4

a) Don’t use the root user account

You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For every day and administration tasks, use an IAM user with permissions.

Question 5

What are IAM Policies?

a) AWS services to perform actions
b) JSON documents to define Users, Groups, or Roles’ permissions
c) Rules to set up a password for IAM

Answer 5

b) JSON documents to define Users, Groups, or Roles’ permissions

An IAM policy is an entity that, when attached to an identity or resource, defines their permissions.

Question 6

Under the shared responsibility model, what is the customer responsible for in IAM?

a) Infrastructure security
b) Compliance validation
c) Configuration and vulnerability analysis
d) Assigning users proper IAM Policies

Answer 6

d) Assigning users proper IAM Policies

Customers are responsible for defining and using IAM policies.

Question 7

Which principle should you apply regarding IAM Permissions?

a) Grant most privilege
b) Grant the least privilege
c) Grant permissions if your employee asks to
d) Restrict root account permissions

Answer 7

b) Grant the least privilege

That’s right! Don’t give more permissions than the user needs.

Question 8

What are the IAM security tools that are available for auditing and what are they used for?

Answer 8

• The IAM Credentials Report (account-level)
  Used for listing all the customer’s account users and the status of their various credentials.
• The IAM Access Advisor(user-level)
  Used to show the service permissions granted to users and also shows when those services were last accessed.
  With this customers can revise policies based on the least-privilege principle.