Securing a new AWS Account Flashcards

1
Q

What is the recommended practice regarding the AWS root account?

A

AWS recommends not using the root account for day-to-day interactions due to security reasons.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the AWS root account?

A

The AWS root account is the initial account created when setting up an AWS account, which has complete access to all AWS services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What security measures should be taken with the AWS root account?

A

Enabling Multi-Factor Authentication (MFA) and securing the root account’s access keys are recommended security measures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the principle of least privilege in IAM?

A

The principle of least privilege suggests granting users or entities only the permissions necessary to perform their tasks, reducing potential security risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How can the root account be secured using IAM?

A

The root account can be secured by creating an IAM user for day-to-day interactions, enabling a password policy, and implementing MFA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the purpose of creating an IAM group?

A

Creating an IAM group helps organize users and apply policies to multiple users simultaneously, simplifying access management.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How can MFA be enabled for an AWS account?

A

MFA can be enabled for an AWS account, including the root account and administrator users, through the IAM console.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does AWS CloudTrail do?

A

AWS CloudTrail is a service that logs API requests made within an AWS account, enabling operational auditing and providing insights for security investigations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How long does AWS CloudTrail keep logs by default?

A

AWS CloudTrail keeps logs for the last 90 days by default, but users can extend the retention period as needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the AWS cost and usage report?

A

The AWS cost and usage report provides information about resource usage and estimated costs, delivering the reports to an Amazon S3 bucket specified by the user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the benefits of enabling billing reports for an AWS account?

A

Enabling billing reports helps track resource usage, monitor costs, and maintain compliance by providing detailed usage and cost information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the recommended practice for securing access to the AWS Management Console for administrators?

A

Administrators should use IAM users with MFA enabled and should avoid using the root account for day-to-day activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What should be done before starting to use a new administrator access account?

A

Before using a new administrator access account, disable and remove root account access keys if they exist and sign in using the new user credentials.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How can IAM policies be used to manage permissions effectively?

A

IAM policies can be used to define specific permissions for users, groups, or roles based on the principle of least privilege, ensuring users have only necessary access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are some fundamental security steps recommended by AWS for new accounts?

A

AWS recommends creating IAM users, enabling MFA, implementing password policies, and using IAM groups with defined policies for effective access management in new accounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

hat should be done with the AWS root user credentials and MFA device?

A

AWS root user credentials and the MFA device should be securely stored in a safe place to prevent unauthorized access.

17
Q
A