Section 4: IAM & AWS CLI

Question 1

What does IAM stand for?

Answer 1

Identity and Access Management

Question 2

Can a group contain another group?

Answer 2

No

Question 3

Do users have to belong to a group?

Answer 3

No, but it’s not best practice

Question 4

Can users belong to multiple groups?

Answer 4

Yes

Question 5

What kind of service is IAM (global or regional)?

Answer 5

Global

Question 6

What are the MFA options on AWS?

Answer 6

1. Virtual MFA device (google authenticator/authy)
2. Universal Second Factory U2F (Yubikey)
3. Hardware Key Fob

Question 7

What is an IAM role?

Answer 7

An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service

Question 8

True or False: IAM User groups can contain IAM users and other user groups

Answer 8

False. IAM User Groups can only contains IAM Users

Question 9

What are the fields in the IAM Policy Structure

Answer 9

Version: (YYYY-MM-DD)
Id: Optional
Statement:
Principal: account/user/role to which
policy is applied
Effect: Allow/Deny access
Action: List of allow/deny actions
Resource: Resource the action is applied to
Sid: statement Id - Optional

Question 10

How can you audit IAM usage?

Answer 10

By creating a IAM credentials report and using the IAM access advisor service.