1 | Page
IAM Questions and Correct Answers
Which service enables AWS customers to manage users and
permissions in AWS?
a.AWS Access Control Service (ACS)
b.AWS Identity and Access Management (IAM)
c.AWS Identity Manager (AIM) Ans: B
IAM provides several policy templates you can use to
automatically assign permissions to the groups you create. The
_____ policy template gives the Admins group permission to access
all account resources, except your AWS account information
a.Read Only Access
b.Power User Access
c.AWS Cloud Formation Read Only Access
d.Administrator Access Ans: D
Every user you create in the IAM system starts with _________.
a.Partial permissions
b.Full permissions
© 2025 All rights reserved
, 2 | Page
c.No permissions Ans: c
Groups can't _____.
a.be nested more than 3 levels
b.be nested at all
c.be nested more than 4 levels
d.be nested more than 2 levels Ans: b
The _____ service is targeted at organizations with multiple users
or systems that use AWS products such as Amazon EC2, Amazon
SimpleDB, and the AWS Management Console.
a.Amazon RDS
b.AWS Integrity Management
c.AWS Identity and Access Management
d.Amazon EMR Ans: c
An AWS customer is deploying an application that is composed of
an AutoScaling group of EC2 Instances. The customers security
policy requires that every outbound connection from these
instances to any other service within the customers Virtual Private
Cloud must be authenticated using a unique x 509 certificate that
© 2025 All rights reserved
, 3 | Page
contains the specific instanceid. In addition an x 509 certificates
must Designed by the customer's Key management service in
order to be trusted for authentication. Which of the following
configurations will support these requirements?
a.Configure an IAM Role that grants access to an Amazon S3
object containing a signed certificate and configure the Auto
Scaling group to launch instances with this role Have the instances
bootstrap get the certificate from Amazon S3 upon first boot.
b.Embed a certificate into the Amazon Machine Image that is used
by the Auto Scaling group Have the launched instances gener Ans:
a
When assessing an organization AWS use of AWS API access
credentials which of the following three credentials should be
evaluated? Choose 3 answers
a.Key pairs
b.Console passwords
c.Access keys
d.Signing certificates
e.Security Group memberships Ans: acd
© 2025 All rights reserved
IAM Questions and Correct Answers
Which service enables AWS customers to manage users and
permissions in AWS?
a.AWS Access Control Service (ACS)
b.AWS Identity and Access Management (IAM)
c.AWS Identity Manager (AIM) Ans: B
IAM provides several policy templates you can use to
automatically assign permissions to the groups you create. The
_____ policy template gives the Admins group permission to access
all account resources, except your AWS account information
a.Read Only Access
b.Power User Access
c.AWS Cloud Formation Read Only Access
d.Administrator Access Ans: D
Every user you create in the IAM system starts with _________.
a.Partial permissions
b.Full permissions
© 2025 All rights reserved
, 2 | Page
c.No permissions Ans: c
Groups can't _____.
a.be nested more than 3 levels
b.be nested at all
c.be nested more than 4 levels
d.be nested more than 2 levels Ans: b
The _____ service is targeted at organizations with multiple users
or systems that use AWS products such as Amazon EC2, Amazon
SimpleDB, and the AWS Management Console.
a.Amazon RDS
b.AWS Integrity Management
c.AWS Identity and Access Management
d.Amazon EMR Ans: c
An AWS customer is deploying an application that is composed of
an AutoScaling group of EC2 Instances. The customers security
policy requires that every outbound connection from these
instances to any other service within the customers Virtual Private
Cloud must be authenticated using a unique x 509 certificate that
© 2025 All rights reserved
, 3 | Page
contains the specific instanceid. In addition an x 509 certificates
must Designed by the customer's Key management service in
order to be trusted for authentication. Which of the following
configurations will support these requirements?
a.Configure an IAM Role that grants access to an Amazon S3
object containing a signed certificate and configure the Auto
Scaling group to launch instances with this role Have the instances
bootstrap get the certificate from Amazon S3 upon first boot.
b.Embed a certificate into the Amazon Machine Image that is used
by the Auto Scaling group Have the launched instances gener Ans:
a
When assessing an organization AWS use of AWS API access
credentials which of the following three credentials should be
evaluated? Choose 3 answers
a.Key pairs
b.Console passwords
c.Access keys
d.Signing certificates
e.Security Group memberships Ans: acd
© 2025 All rights reserved
