Identity And Access Management

Question 1

What does IAM stand for?

Answer 1

Identity Access Management

Question 2

What is IAM?

Answer 2

IAM allows you to manage users and their level of access to the AWS console

Question 3

What is the root account?

Answer 3

The root account is the email address you used to sign up for AWS

Question 4

What access does the root user have?

Answer 4

Full administrative access

Question 5

What steps should be taken to secure the root user account?

Answer 5

1. Enable multi-factor authentication
2. Create an admin group for administrators and assign the appropriate permissions to this group
3. Create user accounts for administrators
4. Add users to admin group

Question 6

How do we control permissions using IAM?

Answer 6

We assign permissions using policy documents, which are made up of JSON

Question 7

How should users be grouped?

Answer 7

By job function

Question 8

What is an IAM user?

Answer 8

A physical person

Question 9

What are the building blocks of IAM?

Answer 9

Users, groups, and roles

Question 10

What happens when an IAM policy document is applied to a group?

Answer 10

All the users in that group inherent permissions of that document

Question 11

Is it best practice to give users or groups policy documents?

Answer 11

Groups

Question 12

What is the principle of least privilege?

Answer 12

Only assigns user the minimum amount of privileges they need to do their job

Question 13

By default, how much access does a user have?

Answer 13

Access to nothing

Question 14

How many times do you see your access keys and secret access keys?

Answer 14

Once upon creation

Question 15

Should you set up password rotations?

Answer 15

Yes

Question 16

How can you combine your existing user account with AWS?

Answer 16

By using AWS federation

Question 17

What standard does Identity federation use?

Answer 17

SAML standard

Question 18

What is an ARN?

Answer 18

Amazon resource name: A unique name given to every resource

Question 19

When you describe the effect as deny in an IAM policy, what is that called and what is it’s effect?

Answer 19

It is an explicit deny and that overrides any allow that the user might be granted in another policy

Question 20

What is an IAM Role?

Answer 20

A role is an identity you can create in IAM that has specific permissions.

Question 21

How are IAM roles and users similar?

Answer 21

Both can have permission policies that determine what they can and cannot do

Question 22

Is an IAM role uniquely associated with an IAM user?

Answer 22

No, it is assumable by anyone

Question 23

Are roles permanent?

Answer 23

No, temporary