Identity Access Management (IAM)

Question 1

List 4 steps to secure your AWS Root Account

Answer 1

• Enable multi-factor authentication
• Create and admin group for administrators, and assign the appropriate permissions to this group
• Create user accounts for your administrators
• Add your users to the admin group

Question 2

True or false? IAM is region specific.

Answer 2

False. IAM is universal. It does not apply to regions at this time

Question 3

This is the account created when you first set up your AWS account and it has complete admin access.

Answer 3

The root account

Question 4

What are the default permissions for new users?

Answer 4

New users have no permissions when first created.

Question 5

You cannot use _____ and _______ to log into the console. However, you would use them to access AWS via the APIs and Command line.

Answer 5

Access key ID, secret access key

Question 6

True or False: If you loose your Access key ID you can recover it from the AWS console.

Answer 6

False. If you loose your Access key ID, secret access key you have to regenerate them. So, save them in a secure location.

Question 7

What capability does IAM federation provide?

Answer 7

IAM federation allows you to combine your existing user account (ie. Active Directory Account) to log into AWS

Question 8

Identity federation uses the _____ standard.

Answer 8

SAML, which is essentially active directly

Question 9

What does the “EAR” in a policy document stand for?

Answer 9

Effect, Action, Resource

Question 10

The principle of _______ is described as only assigning a user the minimum amount of permissions that they need to do their job.

Answer 10

Least Privilege

Question 11

True or False? AWS requires MFA to be enabled for all users.

Answer 11

False. Though it is highly recommended as a best practice.

Question 12

What is the single best thing you can do to secure the root account in AWS?

Answer 12

Enable multi-factor authentication (MFA)