Security, Identity & Compliance Flashcards

1
Q

What is IAM about?

A

USER account permissions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

List features of IAM

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You need to be able to look at policies

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the key aspects of policies you need to understand?

A

(EAR)

Effect
Action
Resource

In exam you need to be able to understand, write & potentially fix a policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Name the 2 policy types:

A

Identity (IAM, inline)
Resource (policy doc attached to resource, managed)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Practice reading IAM policies on GITHUB

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

If there 5 allows and 1 deny. What happens?

A

Its denied

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What happens if there’s no policy attached?

A

Everything will be denied

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Identify Federation?

A

Its being able to set up different identity provider but still get access to your account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Cognito?

A

It lets us do logins for our APP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is diff between IAM Policy and Cognito?

A

IAM Policy we are giving access to AWS Account

With Cognito, we are managing users with access to our accounts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is user pools about?

A

User pool is a user directory for web and mobile app authentication and authorisation

(WHO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the identity pools?

A

Provides temporary access to users who are guests (unauthenticated) and for users who have been authenticated and received a token

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the difference between federated login with IAM Policy and federated login with Cognito?

A

federated login with IAM Policy

federated login with Cognito

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Whats a policy doc

A

A json
EAR
effect
action
resource

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is AWS Certificate Manager useful for?

A

Securing data in transit

17
Q

What is difference between private and public AWS Certificate Manager?

A

ACM public is from the internet
ACM private is internal aws

18
Q

Does KMS encrypt data at rest?

A

Yes

19
Q

Whats the order 4 IAM policies are evaluated

A
  1. Organizational Service Control
  2. Resource based
  3. IAM permissions boundaries
  4. Identity based