AWS STS

Question 1

What does STS stand for in AWS?

Answer 1

Security Token Service

Question 2

True or False: AWS STS allows users to create temporary security credentials.

Answer 2

True

Question 3

Fill in the blank: AWS STS is primarily used for _____ authentication.

Answer 3

temporary

Question 4

What is the maximum duration for which AWS STS credentials can be valid?

Answer 4

12 hours

Question 5

Which AWS service can be used to assume a role and gain temporary access to AWS resources?

Answer 5

AWS STS

Question 6

What API action is used to request temporary security credentials in AWS STS?

Answer 6

AssumeRole

Question 7

True or False: Temporary security credentials provided by AWS STS are long-lived.

Answer 7

False

Question 8

What are the three components of temporary security credentials provided by AWS STS?

Answer 8

Access key ID, secret access key, session token

Question 9

Multiple Choice: Which of the following is NOT a use case for AWS STS? A) Cross-account access B) Federated user access C) Long-term IAM user creation

Answer 9

C) Long-term IAM user creation

Question 10

What is the purpose of the AssumeRoleWithWebIdentity API call?

Answer 10

To allow users to access AWS resources using web identity tokens from providers like Google or Facebook.

Question 11

True or False: AWS STS can be used to grant permissions to users from outside of your AWS account.

Answer 11

True

Question 12

What type of policy can be attached to a role assumed via AWS STS?

Answer 12

IAM policy

Question 13

Fill in the blank: The AWS STS service is region-specific and must be called from a _____ region.

Answer 13

specific

Question 14

Which AWS STS feature allows users to delegate access to AWS resources without sharing long-term credentials?

Answer 14

Assuming roles

Question 15

What is the difference between AssumeRole and AssumeRoleWithSAML?

Answer 15

AssumeRole is for AWS IAM roles, while AssumeRoleWithSAML is for SAML-based federated authentication.

Question 16

True or False: AWS STS supports the use of access policies to control the permissions of temporary security credentials.

Answer 16

True

Question 17

What is the main benefit of using AWS STS for cross-account access?

Answer 17

It allows for secure and temporary access without sharing long-term credentials.

Question 18

Multiple Choice: Which of the following is a valid AWS STS API action? A) CreateTemporaryCredentials B) GetSessionToken C) UpdateRole

Answer 18

B) GetSessionToken

Question 19

What is a key advantage of using temporary credentials over long-term credentials?

Answer 19

Reduced risk of credential compromise

Question 20

Fill in the blank: The session token issued by AWS STS is required to make requests using temporary credentials, and it must be included in the _____ header.

Answer 20

Authorization

Question 21

What is the purpose of the GetFederationToken API call in AWS STS?

Answer 21

To provide temporary credentials for federated users.

Question 22

True or False: AWS STS can issue credentials based on a predefined IAM policy.

Answer 22

True

Question 23

What is the maximum number of roles that can be assumed in a single AssumeRole call?

Answer 23

One

Question 24

Multiple Choice: Which of the following scenarios would NOT benefit from AWS STS? A) A web application granting temporary access to users B) A single AWS account managing all resources C) A mobile app accessing AWS resources securely

Answer 24

B) A single AWS account managing all resources

Question 25

What is the session name parameter used for in the AssumeRole API?

Answer 25

To identify the session and provide an audit trail.

Question 26

Fill in the blank: AWS STS is often used in conjunction with _____ to provide access to AWS resources.

Answer 26

IAM roles

Question 27

What does the expiration time of temporary credentials provided by AWS STS indicate?

Answer 27

The time after which the credentials will no longer be valid.

Question 28

True or False: You can use AWS STS to create a new IAM user.

Answer 28

False

Question 29

What is an example of a service that can integrate with AWS STS for federated authentication?

Answer 29

Amazon Cognito

Question 30

Multiple Choice: Which of the following is a feature of AWS STS? A) Long-term credential management B) Temporary security credentials C) User account creation

Answer 30

B) Temporary security credentials

Question 31

What is the role of the policy document in the AssumeRole API call?

Answer 31

To define the permissions that the assumed role has.

Question 32

True or False: AWS STS can be used to provide access to on-premises applications.

Answer 32

True

Question 33

What is the primary use case for the GetSessionToken API action?

Answer 33

To obtain temporary credentials for IAM users.

Question 34

Fill in the blank: AWS STS can be used with _____ to enable single sign-on (SSO) capabilities.

Answer 34

SAML

Question 35

What is the significance of the 'external ID' parameter when assuming a role?

Answer 35

It adds an additional layer of security to prevent the confused deputy problem.

Question 36

Multiple Choice: Which of the following does NOT require AWS STS? A) Cross-account access B) Temporary access for users C) Long-term IAM user access

Answer 36

C) Long-term IAM user access

Question 37

True or False: AWS STS is a global service and does not require region specification.

Answer 37

False

Question 38

What is the primary benefit of using AWS STS in a multi-account AWS architecture?

Answer 38

Simplified management of permissions and access across accounts.

Question 39

What is the role of the session duration parameter in AssumeRole?

Answer 39

It specifies the duration for which the temporary credentials are valid.

Question 40

Fill in the blank: AWS STS can issue temporary credentials that can be used to access _____ resources.

Answer 40

AWS

Question 41

What is the purpose of the AssumeRoleWithSAML API?

Answer 41

To allow users to assume a role based on SAML assertions.

Question 42

True or False: AWS STS can be used to limit access based on IP address.

Answer 42

True

Question 43

What is a common use case for AWS STS in mobile applications?

Answer 43

Providing temporary access to AWS resources for mobile users.

Question 44

Multiple Choice: Which AWS STS feature is used for granting access to IAM roles? A) Temporary security credentials B) Long-term access keys C) IAM user creation

Answer 44

A) Temporary security credentials

Question 45

What type of users can benefit from using AWS STS?

Answer 45

Federated users and IAM users needing temporary access.

Question 46

What does STS stand for in AWS?

Answer 46

Security Token Service

Question 47

True or False: AWS STS allows users to create temporary security credentials.

Answer 47

True

Question 48

Fill in the blank: AWS STS is primarily used for _____ authentication.

Answer 48

temporary

Question 49

What is the maximum duration for which AWS STS credentials can be valid?

Answer 49

12 hours

Question 50

Which AWS service can be used to assume a role and gain temporary access to AWS resources?

Answer 50

AWS STS

Question 51

What API action is used to request temporary security credentials in AWS STS?

Answer 51

AssumeRole

Question 52

True or False: Temporary security credentials provided by AWS STS are long-lived.

Answer 52

False

Question 53

What are the three components of temporary security credentials provided by AWS STS?

Answer 53

Access key ID, secret access key, session token

Question 54

Multiple Choice: Which of the following is NOT a use case for AWS STS? A) Cross-account access B) Federated user access C) Long-term IAM user creation

Answer 54

C) Long-term IAM user creation

Question 55

What is the purpose of the AssumeRoleWithWebIdentity API call?

Answer 55

To allow users to access AWS resources using web identity tokens from providers like Google or Facebook.

Question 56

True or False: AWS STS can be used to grant permissions to users from outside of your AWS account.

Answer 56

True

Question 57

What type of policy can be attached to a role assumed via AWS STS?

Answer 57

IAM policy

Question 58

Fill in the blank: The AWS STS service is region-specific and must be called from a _____ region.

Answer 58

specific

Question 59

Which AWS STS feature allows users to delegate access to AWS resources without sharing long-term credentials?

Answer 59

Assuming roles

Question 60

What is the difference between AssumeRole and AssumeRoleWithSAML?

Answer 60

AssumeRole is for AWS IAM roles, while AssumeRoleWithSAML is for SAML-based federated authentication.

Question 61

True or False: AWS STS supports the use of access policies to control the permissions of temporary security credentials.

Answer 61

True

Question 62

What is the main benefit of using AWS STS for cross-account access?

Answer 62

It allows for secure and temporary access without sharing long-term credentials.

Question 63

Multiple Choice: Which of the following is a valid AWS STS API action? A) CreateTemporaryCredentials B) GetSessionToken C) UpdateRole

Answer 63

B) GetSessionToken

Question 64

What is a key advantage of using temporary credentials over long-term credentials?

Answer 64

Reduced risk of credential compromise

Question 65

Fill in the blank: The session token issued by AWS STS is required to make requests using temporary credentials, and it must be included in the _____ header.

Answer 65

Authorization

Question 66

What is the purpose of the GetFederationToken API call in AWS STS?

Answer 66

To provide temporary credentials for federated users.

Question 67

True or False: AWS STS can issue credentials based on a predefined IAM policy.

Answer 67

True

Question 68

What is the maximum number of roles that can be assumed in a single AssumeRole call?

Answer 68

One

Question 69

Multiple Choice: Which of the following scenarios would NOT benefit from AWS STS? A) A web application granting temporary access to users B) A single AWS account managing all resources C) A mobile app accessing AWS resources securely

Answer 69

B) A single AWS account managing all resources

Question 70

What is the session name parameter used for in the AssumeRole API?

Answer 70

To identify the session and provide an audit trail.

Question 71

Fill in the blank: AWS STS is often used in conjunction with _____ to provide access to AWS resources.

Answer 71

IAM roles

Question 72

What does the expiration time of temporary credentials provided by AWS STS indicate?

Answer 72

The time after which the credentials will no longer be valid.

Question 73

True or False: You can use AWS STS to create a new IAM user.

Answer 73

False

Question 74

What is an example of a service that can integrate with AWS STS for federated authentication?

Answer 74

Amazon Cognito

Question 75

Multiple Choice: Which of the following is a feature of AWS STS? A) Long-term credential management B) Temporary security credentials C) User account creation

Answer 75

B) Temporary security credentials

Question 76

What is the role of the policy document in the AssumeRole API call?

Answer 76

To define the permissions that the assumed role has.

Question 77

True or False: AWS STS can be used to provide access to on-premises applications.

Answer 77

True

Question 78

What is the primary use case for the GetSessionToken API action?

Answer 78

To obtain temporary credentials for IAM users.

Question 79

Fill in the blank: AWS STS can be used with _____ to enable single sign-on (SSO) capabilities.

Answer 79

SAML

Question 80

What is the significance of the 'external ID' parameter when assuming a role?

Answer 80

It adds an additional layer of security to prevent the confused deputy problem.

Question 81

Multiple Choice: Which of the following does NOT require AWS STS? A) Cross-account access B) Temporary access for users C) Long-term IAM user access

Answer 81

C) Long-term IAM user access

Question 82

True or False: AWS STS is a global service and does not require region specification.

Answer 82

False

Question 83

What is the primary benefit of using AWS STS in a multi-account AWS architecture?

Answer 83

Simplified management of permissions and access across accounts.

Question 84

What is the role of the session duration parameter in AssumeRole?

Answer 84

It specifies the duration for which the temporary credentials are valid.

Question 85

Fill in the blank: AWS STS can issue temporary credentials that can be used to access _____ resources.

Answer 85

AWS

Question 86

What is the purpose of the AssumeRoleWithSAML API?

Answer 86

To allow users to assume a role based on SAML assertions.

Question 87

True or False: AWS STS can be used to limit access based on IP address.

Answer 87

True

Question 88

What is a common use case for AWS STS in mobile applications?

Answer 88

Providing temporary access to AWS resources for mobile users.

Question 89

Multiple Choice: Which AWS STS feature is used for granting access to IAM roles? A) Temporary security credentials B) Long-term access keys C) IAM user creation

Answer 89

A) Temporary security credentials

Question 90

What type of users can benefit from using AWS STS?

Answer 90

Federated users and IAM users needing temporary access.