What does IAM allow you to do (in general)? - Answer ✔✔- To manage users and their
level of access to the AWS Console
What is an example of Identity Federation? - Answer ✔✔- Logging onto AWS Console
using corporate SSO; authenticate against Facebook, LinkedIn
T/F: IAM gives you centralized control of your AWS account. - Answer ✔✔- True
T/F: IAM gives you shared access to your AWS account. - Answer ✔✔- True
T/F: IAM gives you granular permissions. - Answer ✔✔- True
T/F: IAM allows you to do Identity Federation. - Answer ✔✔- True
T/F: IAM gives you Multifactor Authentication. - Answer ✔✔- True
T/F: IAM allows you to provide temporary access for users/devices and services where
necessary. - Answer ✔✔- True
T/F: IAM allows you to set up your own password rotation policy. - Answer ✔✔- True
T/F: IAM integrates with many different AWS services. - Answer ✔✔- True
T/F: IAM supports PCI DSS Compliance. - Answer ✔✔- True
Users - Answer ✔✔- End Users (think people)
Groups - Answer ✔✔- A collection of users under one set of permissions.
Roles - Answer ✔✔- You create roles and can then assign them to AWS resources.
(Allows one AWS resource, such as EC2, to interact with another, such as S3)
Policies - Answer ✔✔- A document that defines one (or more) permissions.
T/F: IAM requires a region selection. - Answer ✔✔- False; IAM is Global and does not
require a region selection.
What is the default sign-in link for IAM users? - Answer ✔✔-
https://<account_number>.signin.aws.amazon.com/console
Can you customize the default sign-in link for IAM users? - Answer ✔✔- Yes, you can
create an alias to customize the default sign-in link.
What are the 5 steps in order for your Security Status to be considered complete? -
Answer ✔✔- 1. Delete your root access keys
2. Activate MFA on your root account
3. Create individual IAM users
4. Use groups to assign permissions
5. Apply an IAM password policy
Why should you enable MFA on your root account? - Answer ✔✔- In case someone
discovers your AWS email and password, they won't be able to log in if MFA is enabled
on a physical device.
Steps to enable MFA - Answer ✔✔- 1. Click "Manage MFA"
2. Select the type of MFA device to activate (virtual or hardware)
3. Install an AWS MFA-compatible application onto the device
4. Configure MFA. (if virtual, can scan a QR code or show secret key for manual
configuration)
5. Type one or two authentication codes to activate MFA.
Steps to create individual IAM users - Answer ✔✔- 1. Details
2. Permissions
3. Review
4. Complete
T/F: You can add multiple users at once with the same access type and permissions. -
Answer ✔✔- True
What are the AWS access types? - Answer ✔✔- 1. Programmatic access
2. AWS Management Console access
What does programmatic access enable? - Answer ✔✔- Access key ID, secret access
key for AWS API, CLI, SDK, and other development tools
What does AWS Management Console access enable? - Answer ✔✔- Password that
allows users to sign in to the AWS Management Console
What are the ways to set permissions for users? - Answer ✔✔- 1. Add users to group OR
2. Copy permissions from existing user OR
3. Attach existing policies directly