Identity & Access Management Exam Questions And Answers

In IAM, a ______ formally describes a set of permissions and is included in an IAM policy which is a JSON formatted document - ANS statement What is the geographic scope of AWS IAM? - ANS Global What is AWS MFA? - ANS AWS Multi-Factor Authentication You can create a cross-account access role between _______, and also between ____________. (Choose 2 answers) - ANS two of your own AWS accounts, your AWS account and a third party AWS account What is web identity federation? - ANS Use of an identity provider like Google or Facebook to exchange for temporary AWS security credentials In cross-account access, _____ allow users and other AWS services and applications to adopt a set of temporary IAM permissions to access AWS resources - ANS IAM roles Imagine the situation in which your development team, who primarily work in the development AWS account, may occasionally require access to resources in the production AWS account. In this situation, the development account will be the _______ account. - ANS trusted _________ allows IAM users from one AWS account to access services within a different AWS account through the use of IAM roles - ANS Cross-account access Cross-account access through the use of IAM roles helps us to adhere to the principle of _________. - ANS least privilege What is the last step in the sequence of steps required to implement cross-account access using AWS IAM? - ANS Test the configuration by switching to the new role A user is included in multiple IAM group policies. One allows read-only access to Amazon EC2 with no actions denied. The other allows full access to Amazon EC2. What happens when this user tries to launch an instance? - ANS Multiple IAM group policies are aggregated. Amazon EC2 will allow the user to launch the instance. IAM group policy is always aggregated. In this case, if the user does not have permission for one group, but has permission for another group, he will have full access to EC2. Unless there is specific deny policy, the user will be able to access EC2. In IAM, a(n) ________ is an entity with permission policies that determine what the identity can and cannot do in AWS - ANS role By default, a brand new IAM user created using AWS CLI or AWS API __________. - ANS has no credentials of any kind If a request does not meet all the conditions included in an IAM policy, what will be the result? - ANS A deny Which IAM policy type allows Amazon S3 buckets to trigger AWS Lambda functions? - ANS Using a resource policy rule Which statement about the Sid element of an IAM policy is true? - ANS It is an optional identifier you provide for a policy statement Which type of IAM role can be edited, and allows one service to call or manage other services on your behalf? - ANS AWS Service roles MFA is used within IAM to _______. - ANS add an additional level of security when authenticating to your AWS account Which type of IAM role is pre-defined, and can only be edited in a limited number of cases? - ANS AWS Service-Linked Roles