Identity And Access Management

Question 1

What does IAM stand for?

Answer 1

Identity and Access Management

Question 2

Is IAM a global or regional service?

Answer 2

Global

Question 3

Can IAM groups contain other groups?

Answer 3

No

Question 4

Can a user not belong to a group?

Answer 4

Yes

Question 5

Can a user belong to multiple groups?

Answer 5

Yes

Question 6

What are the JSON documents assigned to users or groups in IAM called?

Answer 6

Policies

Question 7

What do policies in IAM do?

Answer 7

Define the permissions of the users

Question 8

What is the least privilege principle?

Answer 8

Don’t give more permissions than a user needs

Question 9

What is a common policy attached to admin groups?

Answer 9

AdministratorAccess

Question 10

What are IAM tags?

Answer 10

Key value pairs you can add to your user. Used to organize, track, or control access for this user

Question 11

Can you create a custom sign-in url for IAM users?

Answer 11

Yes

Question 12

What are the two users that you can use to sign into AWS console?

Answer 12

Root and IAM user

Question 13

What is a good policy to attach to groups so users can see all info but not change it?

Answer 13

IAMReadOnlyAccess

Question 14

What is a managed policy?

Answer 14

A policy create and managed by AWS

Question 15

What does MFA stand for?

Answer 15

Multi Factor Authentication

Question 16

What are the 2 parts of MFA

Answer 16

1. Password you know

2. Security device you own

Question 17

What are the MFA device options in AWS?

Answer 17

1. Virtual MFA device such as Google Authenticator or Authy (support for multiple tokens on a single device)
2. Universal 2nd Factor (USF) Security Key (support for multiple root and IAM users using a single security key)
3. Hardware Key Fob MFA Device
4. Hardware Key Fob MFA Device for AWS GovCloud

Question 18

What are the 3 options for users to access AWS?

Answer 18

1. AWS Management Console (protected by password + MFA)
2. AWS Command Line Interface (CLI) (protected by access keys
3. AWS Software Developer Kit (SDK) (for code: protected by access keys)

Question 19

Where are access keys generated?

Answer 19

AWS Console

Question 20

Can users generate/manage their own access keys?

Answer 20

Yes

Question 21

What are the two parts of an access key?

Answer 21

1. Access key ID ~= username

2. Secret Access Key ~= password

Question 22

What is AWS CloudShell?

Answer 22

A browser-based shell that gives you command-line access to your AWS resources in the selected AWS region

Question 23

What is an IAM Role?

Answer 23

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

Question 24

What are 2 IAM Security Tools?

Answer 24

1. IAM Credentials Report (account-level)

2. IAM Access Advisor (user-level)

Question 25

What is IAM Credentials Report?

Answer 25

A report that lists all your account’s users and the status fo their various credentials

Question 26

What is IAM Access Advisor?

Answer 26

Access advisor shows the service permissions granted to a user and when those services were last accessed

Question 27

Is it good to audit permissions of your account with the IAM Credentials Report?

Answer 27

Yes

Question 28

In the shared responsibility model for IAM what are you responsible for?

Answer 28

1. Users, Groups, Roles, Policies management and monitoring
2. Enable MFA on all accounts
3. Rotate all your keys often
4. Use IAM tools to apply appropriate permissions
5. Analyze access patterns & review permissions

Question 29

What is a proper definition of IAM Roles?

1. An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services
2. IAM Users in multiple groups
3. A password policy
4. Permissions assigned to Users to perform actions

Answer 29

An IAM entity that defines a set of permissions for making AWS service requests, that will be used by AWS services

Question 30

Which of the following is an IAM Security Tool?

1. IAM Credentials Report
2. IAM Root Account Manager
3. IAM Services Report
4. IAM Security Advisor

Answer 30

IAM Credentials Report

Question 31

Which answer is incorrect regarding IAM users?

1. IAM Users can belong to multiple groups
2. IAM Users don’t have to belong to a group
3. IAM Users can have policies assigned to them
4. IAM Users access AWS with the root account credentials

Answer 31

IAM Users access AWS with the root account credentials

Question 32

Which of the following is an IAM best practice?

1. Don’t use the root user account
2. Create several users for a physical person
3. Share credentials so a colleague can perform a task for you
4. Do not enable MFA for easier access

Answer 32

Don’t use the root user account

Question 33

What are IAM Policies?

1. AWS services performable actions
2. JSON documents to define Users, Groups or Roles’ permissions
3. Rules to set up a password for IAM Users

Answer 33

JSON documents to define Users, Groups or Roles’ permissions

Question 34

Under the shared responsibility model, what is the customer responsibility for in IAM?

1. Infrastructure security
2. Compliance validation
3. Configuration and vulnerability analysis
4. Assigning users proper IAM Policies

Answer 34

Assigning users proper IAM Policies

Question 35

What principle should you apply regarding IAM Permissions?

1. Grant most privilege
2. Grant least privilege
3. Grant permissions if your employee asks you to
4. Restrict root account permissions

Answer 35

Grant least privilege

Question 36

What should you do to increase your root account security?

1. Enable Multi-Factor Authentication
2. Remove permissions for the root account
3. Use AWS only through the Command Line Interface

Answer 36

Enable Multi-Factor Authentication