IAM - Identity and Access Management Flashcards
What is a proper definition of IAM Roles?
a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services
b) IAM Users in multiple Groups
c) A password policy
d) Permissions assigned to Users to perform actions
a) An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services
Some AWS services will need to perform actions on your behalf. To do so, you assign permissions to AWS services with IAM Roles.
Which of the following is an IAM Security Tool?
a) IAM Credentials Report
b) IAM Root Account Manager
c) IAM Services Report
d) IAM Security Advisor
a) IAM Credentials Report
The IAM Credentials Report lists all your account’s users and the status of their various credentials. The other IAM Security Tool is IAM Access Advisor. It shows the service permissions granted to a user and when those services were last accessed.
Which answer is INCORRECT regarding IAM Users?
a) IAM Users can belong to multiple groups
b) IAM Users don’t have to belong to a group
c) IAM Users can have policies assigned to them
d) IAM Users access AWS with the root account credentials
d) IAM Users access AWS with the root account credentials
IAM Users access AWS using a username and a password.
Which of the following is an IAM best practice?
a) Don’t use the root user account
b) Create several users for a physical person
c) Share credentials so a colleague can perform a task for you
d) Do not enable MFA for easier access
a) Don’t use the root user account
You only want to use the root account to create your first IAM user, and for a few account and service management tasks. For everyday and administrative tasks, use an IAM user with permissions.
What are IAM Policies?
a) AWS services to perform actions
b) JSON documents to define Users, Groups, or Roles’ permissions
c) Rules to set up a password for IAM
b) JSON documents to define Users, Groups, or Roles’ permissions
An IAM policy is an entity that, when attached to an identity or resource, defines their permissions.
Under the shared responsibility model, what is the customer responsible for in IAM?
a) Infrastructure security
b) Compliance validation
c) Configuration and vulnerability analysis
d) Assigning users proper IAM Policies
d) Assigning users proper IAM Policies
Customers are responsible for defining and using IAM policies.
Which principle should you apply regarding IAM Permissions?
a) Grant most privilege
b) Grant the least privilege
c) Grant permissions if your employee asks to
d) Restrict root account permissions
b) Grant the least privilege
That’s right! Don’t give more permissions than the user needs.
What are the IAM security tools that are available for auditing and what are they used for?
- The IAM Credentials Report (account-level)
Used for listing all the customer’s account users and the status of their various credentials.
- The IAM Access Advisor (user-level)
Used to show the service permissions granted to users and also shows when those services were last accessed.
With this, customers can revise policies based on the least-privilege principle.