Udemy Lecture 2 Flashcards

1
Q

What's IAM? Is it a global or regional service?

A

Stands for Identity & Access Management (it's a global service, not regional)

2
Q

In _____ you create your users & assign them to groups

A

IAM

3
Q

_________ is created by default (after that, don't use it or share it)

A

Root account

4
Q

_______ are people within your organization & can be grouped (1 user represents 1 person) and you can create groups out of those users (think of it like a teacher grouping you for an assignment with your classmates)

A

users

5
Q

Groups only contain _____ not other groups

A

users

6
Q

Some users don’t have to belong to a group & other users can belong to ________ groups

A

multiple

7
Q

Users or groups can be assigned JSON documents called ________

A

IAM policies

8
Q

The _______ define the permission of the user

A

policies

9
Q

In AWS you apply the least ___________, which means you don't give more permissions than a user needs

A

privilege principle

10
Q

The user gains the permission of the _______ it's in

A

group

11
Q

You create users because on your AWS account you just have the ________, so you create users (admin user) to allow you to use your account more safely

A

root user

12
Q

You attach a policy at the __________ so that every user in the group gets the same root user policy

A

group level

13
Q

If a user isn't in a group then you make an __________

A

inline policy

14
Q

What is the structure of IAM Policy?

A
  • Version (policy language version, which you usually always include as “2012-10-17”)
  • ID (an identifier for the policy (optional))
  • Statements (one or more individual statements (required))
15
Q

What do statements consist of?

A
  • SID (an identifier for the statement (optional))
  • Effect (whether the statement allows or denies access (say Allow if it allows & Deny if it denies))
  • Principal (account/user/role to which the policy will be applied)
  • Action (list of actions this policy allows or denies)
  • Resources (list of resources to which the actions are applied)
  • Condition (conditions for when this policy is in effect (optional))

16
Q

On the _______ form a star (*) means anything (allowed to do anything, or everything, so if it's on the action then it means any action & if it's on the resource it means any resource, which is another way of saying giving administrator access to anyone)

A

JSON

17
Q

If there is a word in front of the star, it means you get access to ___________

A

whatever is in front of the word (ex. Get * (get access to anything that starts with “get”))

18
Q

Strong passwords = ______________ (can set one up in AWS)

A

higher security for your account

19
Q

Can allow IAM users to change their own passwords or __________ after some time (password expiration) & can prevent password reuse so they can't use the same password twice

A

require users to change their passwords

20
Q

Users have access to your account & can do things that you may not want to do, so you want to protect your root accounts & IAM users with ______

A

MFA

21
Q

_______ is just a password you know + security device you own

A

MFA

22
Q

So even if an ______ is forgotten you would need the physical device of the owner

A

MFA

23
Q

What are the different types of MFA you can use?

A
  • You can use a virtual MFA device (can use Google Authenticator)
  • Can also use a Universal 2nd Factor (U2F) security key (ex. YubiKey), which supports multiple root and IAM users using a single security key
  • Can also use a hardware key fob MFA device (ex. one by Gemalto)
  • If you're involved with the government, then you could have a hardware key fob MFA device for AWS GovCloud (one by Gemalto)

24
Q

What are the 3 different ways to access AWS?

A

  • AWS Management Console (protected by password + MFA)
  • AWS Command Line Interface (CLI) (protected by access keys)
  • AWS Software Development Kit (SDK) (for code: protected by access keys)

25
Q

___________ are generated through the AWS console & users manage their own _____________

A

Access keys

26
Q

Access keys are _______, just like a password (so don’t share them) (Access Key ID is like your username & Secret Access Key is like your password)

A

secret

27
Q

What is AWS Command Line Interface (CLI)?

A

is a tool that enables you to interact with AWS services using commands in your command-line shell

  • Direct access to the public APIs of AWS services
  • You can develop scripts to manage your resources

28
Q

What is AWS SDK?

A

is a software development kit

  • Language-specific APIs
  • Enables you to access and manage AWS services programmatically
  • Embedded within your application
29
Q

CloudShell is a _________ resource

A

regional (so it's only available in some regions)

30
Q

Some AWS services will need to perform actions on your behalf; to do so, you will need to assign permissions to AWS services with ________

A

IAM roles

31
Q

__________ are just like users, but instead of being physical people they are AWS services (ex. EC2 instance)

A

IAM roles

Common roles are: EC2, Lambda function roles, roles for CloudFormation

32
Q

What are IAM credentials reports (account-level)?

A

a report that lists all your account's users and the status of their various credentials

33
Q

What is IAM access advisor (user level)?

A

access advisor shows the service permissions granted to a user and when those services were last accessed

  • You can use this information to revise your policies
34
Q

When it comes to the IAM model, AWS is responsible for everything they do like what?

A
  • Their infrastructure (global network security)
  • Configurations and vulnerability analysis
  • Compliance validation that they are responsible for
35
Q

Regarding IAM you are responsible for what?

A
  • You are responsible for users, groups, roles, policies, and managing & monitoring them as well
  • Responsible for enabling MFA on all accounts
  • Rotate all your keys often
  • Use IAM tools to apply appropriate permissions
  • Analyze access patterns & review permissions
  • AWS is responsible for all of its infrastructure & you're responsible for how you use it