IAM COPY

Question 1

T or F I am allows you to manage users and their level of access to the AWS console

Answer 1

True

Question 2

What are the major benefits of IAM?

Answer 2

1. Centralized control of your AWS account. 2.Shared access to your AWS account 3. Granular permissions 4. identify Federation 5. multifactor authentication 6. temp access for users, devices, and services 7. allows password rotation 8. integrates with many AWS services 9. PCI and DSS compliant

Question 3

IAM users

Answer 3

people

Question 4

IAM Groups

Answer 4

A collection of users under 1 set of permissions

Question 5

IAM Roles

Answer 5

You create roles and can assign them to resources

Question 6

IAM Policies

Answer 6

A document that defines one or more permissions

Question 7

T or F IAM is not universal and applies to specific regions

Answer 7

False IAM is universal and it does not apply to regions at this time.

Question 8

The ____ account is simply the account created when first setup your AWS account.

Answer 8

root

Question 9

T or F The root account has complete admin access

Answer 9

True

Question 10

T or F New users have basic permissions when first created

Answer 10

False New users have no permissions when first created

Question 11

New users are assigned ____ and ____ when first created.

Answer 11

access key ID and secret access keys

Question 12

Can you use the access key and secret access key to login to the AWS management console?

Answer 12

No, they cannot be used to log into the console. They are not the same as a password.

Question 13

What can you use the Access key ID and secret access key for?

Answer 13

They can be used to access AWS via the APIs and command line.

Question 14

T or F You can view your Access Key ID and secret access key anytime by logging into the AWS console and checking IAM.

Answer 14

False They can only be viewed once. You need to store them in a secure location. If you lose them, you have to create new keys.

Question 15

Always setup _____ on the root account

Answer 15

MFA

Question 16

T or F You can create and customize your own password rotation policy

Answer 16

True

Question 17

_____ allow you to not use Access Key IDs and Secret Access Keys

Answer 17

Roles

Question 18

T or F Roles are preferred over IAM accounts from a security perspective

Answer 18

True

Question 19

Roles are controller by _______

Answer 19

policies

Question 20

T or F You can change a policy on a role and it takes some time to propagate.

Answer 20

False, changes are instant.

Question 21

T or F You can attach and detach roles to running EC2 instances without having to stop or terminate these instances.

Answer 21

True

Question 22

Advanced IAM

___ ___ ___ lets you give your users access to AWS resources after they have sucessfully authenticated with a web-based identity provider like Amazon, Facebook, or Google.

Answer 22

web identity federation

Question 23

Advanced IAM

Following successful auth, the user receives an auth code from teh web ID provider, which they can trade for temp AWS _____ creds

Answer 23

security

Question 25

Advanced IAM policies

____ ___ ____ is used to define user access permissions within AWS

Answer 25

Identity Access Management (IAM)

Question 26

What are the 3 different types of IAM polcies available?

Answer 26

Managed policies; customer managed policies; inline policies

Question 27

Which type of policy is this?

Manged; Inline; Custom

-This is an IAM policy which is created and adminsitrered by AWS

Answer 27

Managed

Question 28

Which type of policy is this?

Manged; Inline; Custom

-AWS provides these polcies for common use cases based on job function ie: AmazonDynamoDBFullAccess, AWSCodeCommitPowerUser, AmazonEC2ReadOnlyAccess

Answer 28

managed

Question 29

Which type of policy is this?

Manged; Inline; Custom

-these aws-provided policies allow you to assign appropriate permission to your users, groups, and roles without having to write the policy yourself

Answer 29

managed

Question 30

Which type of policy is this?

Manged; Inline; Custom

-A single policy of this type can be attached to multiple users, groups, or roles withing hte same AWS account and accross different accounts.

Answer 30

manged

Question 31

Which type of policy is this?

Manged; Inline; Custom

-you can’t change the permissions defined in this type of policy

Answer 31

managed

Question 32

Which type of policy is this?

Manged; Inline; Custom

-A standalone policy that you can create and administer inside your own AWS account. You can attaqch this polciy to multiple users, groups, and roles - but only within your account.

Answer 32

custom

Question 33

Which type of policy is this?

Manged; Inline; Custom

-in order to create this type of policy, you can copy an existin AWS policy and customize it to fit the requirements of your organization.

Answer 33

custom

Question 34

Which type of policy is this?

Manged; Inline; Custom

-recommended for use cases where the existing AWS policies don’t meet the needs of your environment.

Answer 34

custom

Question 35

Which type of policy is this?

Manged; Inline; Custom

-An IAM policy which si actually embeded with the user, group, or role to which it applies. Ther eis a strict 1:1 relationship between the entity and the policy.

Answer 35

Inline

Question 36

Which type of policy is this?

Manged; Inline; Custom

-When you delete the user, group, or role in which this policy is embeded, the policy will also be deleted.

Answer 36

Inline

Question 37

Which type of policy is this?

Manged; Inline; Custom

-In most cases, AWS recommends using Managed policies over these polcies.

Answer 37

Inline

Question 38

Which type of policy is this?

Manged; Inline; Custom

-These policies are useful when you want to be sure that the permissions in a policy are not inadvertently assigned to any other user, group, or role than the one for which they’re intended ie: you are creating a policy that must only ever be attached to a single user, group, or role)

Answer 38

inline

Question 40

With ___ ____ ____, many AWS customers use separate AWs accounts for their development and prod resources. This separation allows them to cleanly separate different types of resources and can also provide some security benefits.

Answer 40

Cross Account Access

Question 41

___ ___ ___ makes it easier for you to work productively within a multiaccount (or multi-role) AWS environment by making it easy for you to switch roles within the AWS management console. YOu can now sign into the console using your IAM user name then switch the console to manage another account without having to enter (or remember) another user name and password.

Answer 41

Cross Account Access

Question 42

Put these steps in order:

• switch accounts
• apply it to teh developer group
• log in to the developer account
• create the “UpdateApp” Cross Account Role
• Log into production
• create a group IAM-Dev
• Identify our account numbers
• Create a user IAM-dev
• Create teh “read-write-app-bucket” policy
• Apply the newly created policy to the role
• Create a new inline policy
• Log in as Erik

Answer 42

• Identify our account numbers
• create a group IAM-Dev
• Create a user IAM-dev
• Log into production
• Create teh “read-write-app-bucket” policy
• create the “UpdateApp” Cross Account Role
• Apply the newly created policy to the role
• log in to the developer account
• Create a new inline policy
• apply it to teh developer group
• Log in as Erik
• switch accounts