Section 19: IAM - Advanced Flashcards Preview

AWS Associate Developer Exam > Section 19: IAM - Advanced > Flashcards

Flashcards in Section 19: IAM - Advanced Deck (5)
Loading flashcards...
1

We need to gain access to a Role in another AWS account. How is it done?
A) We should ask for them to create a user for us
B) We should ask them to send us access keys
C) We should use the STS service to gain temporary credentials

C) We should use the STS service to gain temporary credentials

STS will allow us to get cross account access through the creation of a role in our account authorized to access a role in another account. See more here: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

2

You have a mobile application and would like to give your users access to their own personal space in Amazon S3. How do you achieve that?
A) Generate IAM user credentials for each of your application's users
B) Use Cognito Identity Federation
C) Use SAML Identity Federation
D) Use a Bucket Policy to make your bucket policy

B) Use Cognito Identity Federation

Cognito is made to federate mobile user accounts and provide them with their own IAM policy. As such, they should be able thanks to that policy to access their own personal space in Amazon S3.

3

You have strong regulatory requirements to only allow fully internally audited AWS Services in production. You still want to allow your teams to experiment in development environments while services are being audited. How can you best set this up?

A) Provide the Dev team with a completely independent AWS account
B) Create an AWS Organization and create two Prod and Dev OU. Apply a SCP on Prod
C) Apply a Global IAM Policy on your production account
D) Create an AWS Config Rule

B) Create an AWS Organization and create two Prod and Dev OU. Apply a SCP on Prod

4

You have an on-premise active directory setup and would like to provide access for your on-premise users to the multiple accounts you have in AWS. The solution should scale to adding accounts in the future. What do you recommend?

A) Setup the SAML 2.0 integration between each AWS account and your on-premise AD
B) Setup AWS Single Sign-On
C) Setup Web Identity Federation through Cognito
D) Create a Lambda function that automatically creates a corresponding IAM user in every AWS account each user in your AD

B) Setup AWS Single Sign-On

5

Which AWS Directory Service allows you to proxy requests to your on-premise active directory?
A) AD on EC2
B) Managed Microsoft AD
C) AD Connector
D) Simple AD

C) AD Connector