AWS IAM Quiz 1

AWS IAM Quiz 1 post thumbnail image
You can access the quiz at Link to Quiz and get all questions by printing the page.


AWS IAM Quiz 1

Question 1: IAM User Groups can contain IAM Users and other User Groups.

     Option 1: TRUE
     Option 2: FALSE


Answer: Option 2: FALSE
Reference

Question 2: An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following, EXCEPT:

     Option 1: Effect
     Option 2: Principal
     Option 3: Version
     Option 4: Action
     Option 5: Resource


Answer: Option 3: Version
Reference

Question 3: Managed Policies:

     Option 1: Reusable
     Option 2: Same policy can be attached to User, group and role
     Option 3: When IAM entity is removed, managed policy attached to it is also removed
     Option 4: Managed policy lives separately from attached entity. If attached entity is remove managed policy is not impacted.
     Option 5: Versioning Support
     Option 6: All
     Option 7: Choices 1, 2, 4, 5
     Option 8: Choices 1, 2, 4


Answer: Option 7: Choices 1, 2, 4, 5
Reference

Question 4: Which of the following IAM Best Practices ensures users only have access to the resources and services that they need to do their job?

     Option 1: Use access levels to review IAM permissions
     Option 2: Grant least privilege
     Option 3: Rotate credentials regularly
     Option 4: Remove unnecessary credentials


Answer: Option 2: Grant least privilege
Reference

Question 5: What should you do to increase your root account security?

     Option 1: Remove permissions from the root account
     Option 2: Only access AWS services through AWS Command Line Interface (CLI)
     Option 3: Don’t create IAM Users, only access your AWS account using the root account
     Option 4: Enable Multi-Factor Authentication (MFA)


Answer: Option 4: Enable Multi-Factor Authentication (MFA)
Reference

Question 6: Your application running on EC2 instances need access to S3 buckets and other services. What is the recommended approach for granting access and ensuring credentials are rotated frequently?

     Option 1: Create an IAM user account for the application using access key credentials and necessary privileges. Configure the account credentials in your app
     Option 2: Create an IAM role with necessary privileges and launch EC2 instances with that IAM role. Your application can get temporary access credentials from EC2 instance
     Option 3: Create an IAM Group with necessary privileges and launch EC2 instances with that IAM Group. Your application can get temporary access credentials from EC2 instance


Answer: Option 2: Create an IAM role with necessary privileges and launch EC2 instances with that IAM role. Your application can get temporary access credentials from EC2 instance
Reference

Question 7: Your IAM user needs access only to management console. In this case what credentials does the user need?

     Option 1: Access Keys
     Option 2: Password
     Option 3: Both
     Option 4: Either


Answer: Option 2: Password
Reference

Question 8: Which of the following is NOT a policy type?

     Option 1: Identity-based policies
     Option 2: Resource-based policies
     Option 3: IAM Permission boundraies
     Option 4: Security Token Service


Answer: Option 4: Security Token Service
Reference

Question 9: You are using Identity federation for your web application. How do you grant privileges to access your AWS resources for the users of your web application?

     Option 1: Grant federated users necessary privileges by directly attaching IAM Policies to their account
     Option 2: Create an IAM role and assign necessary privileges to the role. Configure federation step to assume the IAM role for authenticated users.


Answer: Option 2: Create an IAM role and assign necessary privileges to the role. Configure federation step to assume the IAM role for authenticated users.
Reference

Question 10: Your IAM user needs access to the AWS resource only through command line interface, APIs and SDKs. In this case what credentials does the user need?

     Option 1: Access Keys
     Option 2: Password
     Option 3: Both
     Option 4: Either


Answer: Option 1: Access Keys
Reference

Question 11: What are IAM Policies?

     Option 1: A set of policies that defines how AWS accounts interact with each other
     Option 2: JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles
     Option 3: A set of policies that define a password for IAM Users
     Option 4: A set of policies defined by AWS that show how customers interact with AWS


Answer: Option 2: JSON documents that define a set of permissions for making requests to AWS services, and can be used by IAM Users, User Groups, and IAM Roles
Reference

Question 12: What is a proper definition of an IAM Role?

     Option 1: IAM User in multiple User Groups
     Option 2: Am IAM entity that defines a password policy for IAM Users
     Option 3: An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service
     Option 4: Permissions assigned to IAM Users to perform actions


Answer: Option 3: An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service
Reference

Question 13: Which of the following is NOT an IAM best practice?

     Option 1: Use Groups to Assign Permissions to IAM Users
     Option 2: Configure a Strong Password Policy for Your Users
     Option 3: Do Not Share Access Keys
     Option 4: Rotate Credentials Regularly
     Option 5: Create Individual IAM Users and delete the Root account


Answer: Option 5: Create Individual IAM Users and delete the Root account
Reference

Question 14: Which IAM entity can be used to delegate permissions?

     Option 1: User
     Option 2: Group
     Option 3: Policy
     Option 4: Role


Answer: Option 4: Role
Reference

Question 15: Which answer is incorrect regarding IAM Users?

     Option 1: IAM Users can belong to multiple user Groups
     Option 2: IAM Users don’t have to belng to a User Group
     Option 3: IAM Policies can be attached directly to IAM Users
     Option 4: IAM User access AWS services using root account redentials


Answer: Option 4: IAM User access AWS services using root account redentials
Reference

Question 16: What is the best practice for applying permissions to many users who perform the same job role?

     Option 1: Apply a permissions policy to an IAM Role and allow the users to assume the role
     Option 2: Add the users to an IAM Group and apply a permissions policy to the group
     Option 3: Add an inline permissions policy to each individual IAM user


Answer: Option 2: Add the users to an IAM Group and apply a permissions policy to the group
Reference

Question 17: You are exploring best ways to protect your AWS services. What are some options for enforcing security policies?

     Option 1: User based policies
     Option 2: Resource based policies for supported AWS Services
     Option 3: Resource based policies
     Option 4: A or B
     Option 5: A or C


Answer: Option 4: A or B
Reference

Question 18: Which of the following is an IAM Security Tool?

     Option 1: IAM Credentials Report
     Option 2: IAM Root Account Manager
     Option 3: IAM Service Report
     Option 4: IAM Security Advisor


Answer: Option 1: IAM Credentials Report
Reference

Question 19: Which IAM entity is used for assigning permissions to multiple users?

     Option 1: User
     Option 2: Group
     Option 3: Policy
     Option 4: Role


Answer: Option 2: Group
Reference

Question 20: Can a user use IAM user credentials to logon to EC2 instance or Relational Database Service RDBMS instance? IAM user has full administrative privileges for AWS resources.

     Option 1: Only EC2 instance allows IAM user to logon
     Option 2: Only RDS RDBMS instance allows IAM user to logon to a database
     Option 3: EC2 requires you to use Key pair (linux) or a separate user name and password (windows) to logon
     Option 4: RDS RDBMS instance requires a database user account for connecting to the database
     Option 5: Both A & B
     Option 6: Both C & D


Answer: Option 6: Both C & D
Reference

Question 21: Inline policies:

     Option 1: Cannot be reused
     Option 2: User, group, role can have inline policies
     Option 3: When IAM entity is removed, inline policy attached to it is also removed
     Option 4: Has built in versioning support
     Option 5: Efficient and faster
     Option 6: All
     Option 7: Choices 1, 2, 3
     Option 8: Choices 1, 2, 3, 4


Answer: Option 7: Choices 1, 2, 3
Reference

Question 22: You have defined groups for managing IAM users. You need to grant permissions so that IAM users can access S3 bucket. Which one these choices will NOT work?

     Option 1: Attach necessary permissions to the group
     Option 2: Attach necessary permissions in a S3 bucket resource level policy with the group specified as the Principal
     Option 3: Attach necessary permissions to an IAM role and grant assume role privileges to the IAM users
     Option 4: Attach necessary permissions to the IAM users


Answer: Option 2: Attach necessary permissions in a S3 bucket resource level policy with the group specified as the Principal
Reference

Question 23: Which of the following is an IAM best practice?

     Option 1: Create several IAM Users for one physical person
     Option 2: Don’t use the root user account
     Option 3: Share your AWS account credentials with your colleague, so (s)he can perform a task for you
     Option 4: Do not enable MFA for easier access


Answer: Option 2: Don’t use the root user account
Reference

Question 24: Which element of an IAM policy document can be used to specify that a policy should take effect only if the caller is coming from a specific source IP address?

     Option 1: Action
     Option 2: Resource
     Option 3: Effect
     Option 4: Condition


Answer: Option 4: Condition
Reference

Question 25: Which principle should you apply regarding IAM Permissions?

     Option 1: Grant most privilege
     Option 2: Grant more permissions if your employee asks you to
     Option 3: Grant least privilege
     Option 4: Restrict root account permissions


Answer: Option 3: Grant least privilege
Reference

Question 26: You want to find if your users are rotating their passwords and access keys regularly. What is the best way to find this out?

     Option 1: IAM Management console – review individual users
     Option 2: Use Credential report available from IAM management console
     Option 3: Audit CloudTrail logs
     Option 4: IAM User access logs


Answer: Option 2: Use Credential report available from IAM management console
Reference

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post