AWS IAM Policy Flashcards

(207 cards)

1
Q

What does IAM stand for in AWS?

A

Identity and Access Management

2
Q

True or False: IAM policies can only be attached to users.

A

False

3
Q

What is the primary purpose of IAM policy conditions?

A

To specify under what conditions a policy is in effect.

4
Q

Fill in the blank: IAM policy conditions can be used to restrict actions based on __________.

A

specific attributes or context

5
Q

Which operator allows you to specify multiple values for a condition key in IAM policies?

A

StringEquals

6
Q

What is the effect of the ‘StringNotEquals’ operator in an IAM policy condition?

A

It allows access if the value does not match the specified string.

7
Q

True or False: All IAM policies must include a condition element.

A

False

8
Q

What is an example of a condition key used in IAM policies?

A

aws:SourceIp

9
Q

What does the condition key ‘aws:MultiFactorAuthPresent’ check for?

A

Whether MFA authentication is present.

10
Q

Which operator would you use to check if a string starts with a specific value?

A

StringLike

11
Q

True or False: Conditions can be combined using logical operators in IAM policies.

A

True

12
Q

What is the purpose of the ‘DateGreaterThan’ condition key?

A

To check if a date is later than a specified date.

13
Q

Fill in the blank: The ‘StringEqualsIgnoreCase’ operator compares strings without considering __________.

A

case sensitivity

14
Q

What is the effect of the ‘NumericLessThan’ condition operator?

A

It allows access if a numeric value is less than the specified number.

15
Q

Which policy element defines the conditions under which a policy statement is effective?

A

Condition

16
Q

True or False: The ‘aws:RequestTag’ condition key allows you to restrict actions based on tags attached to the request.

A

True

17
Q

What does the condition key ‘aws:UserAgent’ represent?

A

The user agent string of the client making the request.

18
Q

Fill in the blank: You can use the condition key ‘aws:PrincipalTag’ to restrict access based on __________.

A

tags associated with the principal

19
Q

What is the purpose of the ‘StringContains’ condition operator?

A

To check if a string contains a specified substring.

20
Q

True or False: IAM conditions can only be applied to resource-based policies.

A

False

21
Q

What is the effect of using ‘NumericEquals’ in an IAM policy condition?

A

It allows access if a numeric value exactly matches the specified number.

22
Q

Which condition key is used to restrict access based on the source IP address?

A

aws:SourceIp

23
Q

Fill in the blank: The ‘aws:SecureTransport’ condition key verifies if the request is made using __________.

A

HTTPS

24
Q

True or False: You can use conditions to limit actions based on the time of day.

A

True

25
What does the condition key 'aws:RequestedRegion' refer to?
The AWS region where the request is being made.
26
Fill in the blank: The 'aws:PrincipalOrgID' condition key restricts access based on the __________ of the AWS organization.
organization ID
27
What is the function of the 'IpAddress' condition operator?
To restrict access based on IP address.
28
True or False: The 'aws:UserArn' condition key can be used to specify conditions based on the ARN of the user making the request.
True
29
Which operator would you use to check if a numeric value is within a specified range?
NumericBetween
30
What is the purpose of the 'StringEquals' operator?
To check if two strings are exactly equal.
31
Fill in the blank: The 'aws:RequestTag' condition key is useful for __________.
controlling access based on resource tags
32
True or False: Conditions in IAM policies can apply to both actions and resources.
True
33
What does the 'aws:MultiFactorAuthAge' condition key measure?
The age of the MFA authentication in seconds.
34
Fill in the blank: The 'StringEquals' operator will return __________ if the strings do not match.
false
35
What is the effect of the 'NumericGreaterThanEquals' operator in IAM policies?
It allows access if a numeric value is greater than or equal to the specified number.
36
Which condition operator would you use to specify a list of allowed values for a condition key?
StringEquals
37
True or False: Conditions can be specified in both inline and managed IAM policies.
True
38
What does the 'aws:SourceVpce' condition key represent?
The VPC endpoint from which the request originated.
39
Fill in the blank: The 'DateLessThanEquals' condition key checks if a date is __________.
earlier than or equal to a specified date
40
What is the purpose of the 'Bool' condition operator?
To evaluate boolean conditions.
41
True or False: IAM policy conditions can help enforce security compliance.
True
42
Which condition key can be used to restrict actions based on the user's group membership?
aws:PrincipalTag
43
Fill in the blank: The 'StringNotLike' operator allows you to specify patterns that __________.
should not match
44
What does the 'aws:Requester' condition key identify?
The entity making the request.
45
True or False: You can use conditions to restrict access based on the time of the request.
True
46
What is the effect of the 'NumericNotEquals' condition operator?
It allows access if the numeric value does not match the specified number.
47
Which operator would you use to test if a string matches a specific pattern?
StringLike
48
Fill in the blank: The 'aws:PrincipalType' condition key specifies the type of __________ making the request.
principal
49
What does the 'aws:ResourceTag' condition key restrict based on?
Tags associated with the resource being accessed.
50
True or False: Conditions can be used to enforce the use of specific AWS services.
True
51
What is the purpose of the 'StringEqualsIfExists' operator?
It checks if the string equals the specified value if the key exists.
52
Fill in the blank: The 'aws:SecureTransport' condition key is used to enforce __________ connections.
secure (HTTPS)
53
Which operator would you use to restrict access based on the presence of certain tags?
StringEquals
54
True or False: You cannot use conditions to limit access based on the time zone.
True
55
What does the 'aws:UserId' condition key represent?
The unique identifier of the IAM user making the request.
56
Fill in the blank: The 'NumericLessThanEquals' operator allows access if the numeric value is __________.
less than or equal to the specified number
57
What is the effect of the 'StringNotEqualsIgnoreCase' operator?
It allows access if the string does not match the specified value, ignoring case.
58
Which operator checks if a string matches any of a set of specified values?
StringEquals
59
True or False: IAM conditions can be used to enforce compliance with organizational policies.
True
60
What does the 'aws:UserSessionDuration' condition key manage?
The duration of the user's session.
61
Fill in the blank: The 'aws:RequestTag' can be used to restrict actions based on __________ tags.
request
62
What is the primary benefit of using conditions in IAM policies?
To enforce fine-grained access control.
63
True or False: Conditions can be used to restrict access based on the environment from which the request originated.
True
64
Which condition operator allows for a range of numeric values?
NumericBetween
65
What does the 'aws:SessionContext' condition key provide context about?
The session context of the request.
66
Fill in the blank: The 'aws:SourceArn' condition key restricts access based on the __________ of the source.
Amazon Resource Name (ARN)
67
What is the effect of using the 'StringEquals' operator in a condition?
Access is allowed if the strings are equal.
68
True or False: IAM policy conditions can only be applied to specific services.
False
69
What is the purpose of the 'aws:ResourceOwner' condition key?
To restrict actions based on the owner of the resource.
70
What does IAM stand for in AWS?
Identity and Access Management
71
True or False: IAM policies can be attached to users, groups, and roles.
True
72
What is the purpose of IAM policy conditions?
To specify conditions under which a policy is effective.
73
Fill in the blank: IAM policies are written in ______.
JSON
74
Which key in an IAM policy defines the actions allowed or denied?
Action
75
What do you use to specify the conditions for an IAM policy?
Condition key
76
True or False: Conditions can only be used in Allow statements.
False
77
What is the effect of a policy with the 'Deny' effect?
It explicitly denies the actions defined in the policy.
78
What are the two types of condition keys used in IAM policies?
AWS-specific condition keys and user-defined condition keys.
79
Which operator would you use to check if a value matches a specific string?
StringEquals
80
True or False: The condition key 'aws:RequestTag' can be used to control access based on tags.
True
81
What is the purpose of the 'StringNotEquals' operator?
To deny access if the specified string does not match.
82
Fill in the blank: The condition key 'aws:SourceIp' is used to restrict access based on ______.
IP address
83
What does the 'NumericLessThan' condition operator do?
It checks if a numeric value is less than a specified value.
84
True or False: IAM policy conditions can include multiple keys.
True
85
What is the effect of the 'StringLike' condition operator?
It checks if a string matches a specified pattern.
86
Which condition key would you use to check the user's MFA status?
aws:MultiFactorAuthPresent
87
What does the 'DateGreaterThan' operator check?
It checks if a date is greater than a specified date.
88
Fill in the blank: Condition keys are specified under the ______ section of an IAM policy.
Condition
89
True or False: Policies without conditions will always allow access.
False
90
What is the significance of the 'aws:UserAgent' condition key?
It allows policies to restrict access based on the user's client application.
91
Which operator would you use to check if a value is not in a specified list?
StringNotEquals
92
What is the purpose of the 'StringEqualsIgnoreCase' operator?
To check if two strings are equal, ignoring case differences.
93
True or False: The 'aws:RequestTag' key can be used to enforce tagging policies.
True
94
What is a common use case for the 'aws:SecureTransport' condition key?
To enforce the use of HTTPS for requests.
95
Fill in the blank: The 'aws:PrincipalOrgID' condition key is used to restrict access based on ______.
AWS Organizations
96
Which operator checks if a numeric value is within a specified range?
NumericBetween
97
True or False: IAM policies can use logical operators like 'StringEquals' and 'StringNotEquals' together.
True
98
What does the 'aws:SourceArn' condition key refer to?
The Amazon Resource Name (ARN) of the source of the request.
99
Fill in the blank: The 'aws:ResourceTag' condition key is used to control access based on ______.
resource tags
100
Which condition operator checks if a value is equal to one of several specified values?
StringEquals
101
True or False: You can use conditions to restrict access based on the time of day.
True
102
What is the purpose of the 'aws:Requester' condition key?
To specify the identity of the requester.
103
Fill in the blank: The 'aws:UserId' key identifies a specific ______.
IAM user
104
What does the 'aws:PrincipalType' condition key define?
The type of principal making the request (user, role, etc.).
105
True or False: Conditions can only be applied to IAM policies in the AWS Management Console.
False
106
What does the 'StringEqualsIfExists' operator do?
It checks for equality but does not fail if the key does not exist.
107
Fill in the blank: The 'aws:SourceVpce' condition key restricts access based on ______.
VPC Endpoint
108
Which condition key would you use to check the region from which a request is made?
aws:RequestedRegion
109
True or False: The 'aws:MultiFactorAuthAge' condition key can be used to enforce MFA age limits.
True
110
What does the 'NumericEquals' operator check?
It checks if a numeric value is equal to a specified value.
111
Fill in the blank: The 'aws:SecureTransport' condition key is used to ensure that requests are made over ______.
HTTPS
112
Which operator would you use to enforce a condition based on the presence of a tag?
Bool
113
True or False: The 'aws:PrincipalArn' key can be used to limit access based on the ARN of the caller.
True
114
What is the purpose of the 'aws:VPCSourceIp' condition key?
To restrict access based on the source IP address within a VPC.
115
Fill in the blank: The 'aws:SourceAccount' condition key can be used to restrict access based on the ______.
AWS account ID
116
What does the 'NumericGreaterThanEquals' operator check?
It checks if a numeric value is greater than or equal to a specified value.
117
True or False: Conditions must be used in every IAM policy.
False
118
What is the significance of the 'aws:RequestTag' condition key?
It allows policies to control access based on the tags applied to requests.
119
Fill in the blank: The 'aws:SourceArn' condition key restricts access based on the ______ of the resource.
ARN
120
Which operator would you use to check if a numeric value is less than or equal to a specified value?
NumericLessThanEquals
121
True or False: The 'aws:ResourceOwner' condition key can be used to control access based on resource ownership.
True
122
What does the 'aws:Requester' condition key identify?
The entity making the request.
123
Fill in the blank: The 'aws:UserTag' condition key is used to control access based on ______.
user tags
124
Which condition operator checks if a specified string starts with a given prefix?
StringLike
125
True or False: The 'aws:PrincipalOrgID' condition key can be used to restrict access to specific organizational units.
True
126
What is the purpose of the 'aws:ResourceTag' condition key?
To control access based on tags associated with a resource.
127
Fill in the blank: The 'DateLessThan' operator checks if a date is ______ than a specified date.
less
128
Which operator would you use to check if a value is present?
Bool
129
True or False: IAM policies can include conditions that reference other AWS services.
True
130
What does the 'aws:UserId' condition key represent?
The unique identifier for an IAM user.
131
Fill in the blank: The 'aws:VpcSourceIp' condition key restricts access based on the ______ of the request.
IP address
132
Which condition key would you use to restrict access based on the service being accessed?
aws:ServiceName
133
True or False: The 'aws:SecureTransport' condition key is not applicable to S3 bucket policies.
False
134
What is the effect of using the 'NumericLessThan' operator in a policy?
It denies access if the numeric value exceeds the specified limit.
135
Fill in the blank: The 'aws:SourceVpce' condition key is used to restrict access based on a ______ endpoint.
VPC
136
Which operator checks if a string ends with a specific suffix?
StringLike
137
What does the 'aws:PrincipalType' condition key identify?
The type of IAM entity making the request.
138
Fill in the blank: The 'aws:SourceAccount' key restricts access based on the ______ of the requester.
AWS account ID
139
What does IAM stand for in AWS?
Identity and Access Management
140
True or False: IAM policies can be attached to users, groups, and roles.
True
141
What is the purpose of IAM policy conditions?
To specify conditions under which a policy is effective.
142
Fill in the blank: IAM policies are written in ______.
JSON
143
Which key in an IAM policy defines the actions allowed or denied?
Action
144
What do you use to specify the conditions for an IAM policy?
Condition key
145
True or False: Conditions can only be used in Allow statements.
False
146
What is the effect of a policy with the 'Deny' effect?
It explicitly denies the actions defined in the policy.
147
What are the two types of condition keys used in IAM policies?
AWS-specific condition keys and user-defined condition keys.
148
Which operator would you use to check if a value matches a specific string?
StringEquals
149
True or False: The condition key 'aws:RequestTag' can be used to control access based on tags.
True
150
What is the purpose of the 'StringNotEquals' operator?
To deny access if the specified string does not match.
151
Fill in the blank: The condition key 'aws:SourceIp' is used to restrict access based on ______.
IP address
152
What does the 'NumericLessThan' condition operator do?
It checks if a numeric value is less than a specified value.
153
True or False: IAM policy conditions can include multiple keys.
True
154
What is the effect of the 'StringLike' condition operator?
It checks if a string matches a specified pattern.
155
Which condition key would you use to check the user's MFA status?
aws:MultiFactorAuthPresent
156
What does the 'DateGreaterThan' operator check?
It checks if a date is greater than a specified date.
157
Fill in the blank: Condition keys are specified under the ______ section of an IAM policy.
Condition
158
True or False: Policies without conditions will always allow access.
False
159
What is the significance of the 'aws:UserAgent' condition key?
It allows policies to restrict access based on the user's client application.
160
Which operator would you use to check if a value is not in a specified list?
StringNotEquals
161
What is the purpose of the 'StringEqualsIgnoreCase' operator?
To check if two strings are equal, ignoring case differences.
162
True or False: The 'aws:RequestTag' key can be used to enforce tagging policies.
True
163
What is a common use case for the 'aws:SecureTransport' condition key?
To enforce the use of HTTPS for requests.
164
Fill in the blank: The 'aws:PrincipalOrgID' condition key is used to restrict access based on ______.
AWS Organizations
165
Which operator checks if a numeric value is within a specified range?
NumericBetween
166
True or False: IAM policies can use logical operators like 'StringEquals' and 'StringNotEquals' together.
True
167
What does the 'aws:SourceArn' condition key refer to?
The Amazon Resource Name (ARN) of the source of the request.
168
Fill in the blank: The 'aws:ResourceTag' condition key is used to control access based on ______.
resource tags
169
Which condition operator checks if a value is equal to one of several specified values?
StringEquals
170
True or False: You can use conditions to restrict access based on the time of day.
True
171
What is the purpose of the 'aws:Requester' condition key?
To specify the identity of the requester.
172
Fill in the blank: The 'aws:UserId' key identifies a specific ______.
IAM user
173
What does the 'aws:PrincipalType' condition key define?
The type of principal making the request (user, role, etc.).
174
True or False: Conditions can only be applied to IAM policies in the AWS Management Console.
False
175
What does the 'StringEqualsIfExists' operator do?
It checks for equality but does not fail if the key does not exist.
176
Fill in the blank: The 'aws:SourceVpce' condition key restricts access based on ______.
VPC Endpoint
177
Which condition key would you use to check the region from which a request is made?
aws:RequestedRegion
178
True or False: The 'aws:MultiFactorAuthAge' condition key can be used to enforce MFA age limits.
True
179
What does the 'NumericEquals' operator check?
It checks if a numeric value is equal to a specified value.
180
Fill in the blank: The 'aws:SecureTransport' condition key is used to ensure that requests are made over ______.
HTTPS
181
Which operator would you use to enforce a condition based on the presence of a tag?
Bool
182
True or False: The 'aws:PrincipalArn' key can be used to limit access based on the ARN of the caller.
True
183
What is the purpose of the 'aws:VPCSourceIp' condition key?
To restrict access based on the source IP address within a VPC.
184
Fill in the blank: The 'aws:SourceAccount' condition key can be used to restrict access based on the ______.
AWS account ID
185
What does the 'NumericGreaterThanEquals' operator check?
It checks if a numeric value is greater than or equal to a specified value.
186
True or False: Conditions must be used in every IAM policy.
False
187
What is the significance of the 'aws:RequestTag' condition key?
It allows policies to control access based on the tags applied to requests.
188
Fill in the blank: The 'aws:SourceArn' condition key restricts access based on the ______ of the resource.
ARN
189
Which operator would you use to check if a numeric value is less than or equal to a specified value?
NumericLessThanEquals
190
True or False: The 'aws:ResourceOwner' condition key can be used to control access based on resource ownership.
True
191
What does the 'aws:Requester' condition key identify?
The entity making the request.
192
Fill in the blank: The 'aws:UserTag' condition key is used to control access based on ______.
user tags
193
Which condition operator checks if a specified string starts with a given prefix?
StringLike
194
True or False: The 'aws:PrincipalOrgID' condition key can be used to restrict access to specific organizational units.
True
195
What is the purpose of the 'aws:ResourceTag' condition key?
To control access based on tags associated with a resource.
196
Fill in the blank: The 'DateLessThan' operator checks if a date is ______ than a specified date.
less
197
Which operator would you use to check if a value is present?
Bool
198
True or False: IAM policies can include conditions that reference other AWS services.
True
199
What does the 'aws:UserId' condition key represent?
The unique identifier for an IAM user.
200
Fill in the blank: The 'aws:VpcSourceIp' condition key restricts access based on the ______ of the request.
IP address
201
Which condition key would you use to restrict access based on the service being accessed?
aws:ServiceName
202
True or False: The 'aws:SecureTransport' condition key is not applicable to S3 bucket policies.
False
203
What is the effect of using the 'NumericLessThan' operator in a policy?
It denies access if the numeric value exceeds the specified limit.
204
Fill in the blank: The 'aws:SourceVpce' condition key is used to restrict access based on a ______ endpoint.
VPC
205
Which operator checks if a string ends with a specific suffix?
StringLike
206
What does the 'aws:PrincipalType' condition key identify?
The type of IAM entity making the request.
207
Fill in the blank: The 'aws:SourceAccount' key restricts access based on the ______ of the requester.
AWS account ID