26-04 Identity and Access Management

Last updated Aug 27, 2023 Edit Source

You wish to deploy a dev and test environment on AWS. You want to ensure that your developers can access your AWS account using a highly secure authentication process and follow best practices. Which of the following two configuration options will help ensure enhanced security? (Choose two answers)

• A. Configure your IAM accounts with MFA.
• B. Configure your IAM password policy with complexity rules.
• C. Ensure you encrypt your EBS volumes.
• D. Create RDS databases with Multi-AZ.
• E. Provide the root account credential details to your developers.

Your developer is working from home this weekend and needs to access your AWS account using the CLI to configure your RDS database from their local computer. Which type of IAM credentials would they need to configure the AWS CLI tool on their machine?

• A. IAM username and password
• B. Access key IDs and secret access keys
• C. Access keys and secret ID
• D. HTTPS

Which AWS service enables you to troubleshoot your IAM policies and identify the sets of permissions that may be denying access to a given AWS service?

• A. IAM policy simulator
• B. CloudWatch
• C. CloudTrail
• D. IAM policy manager

Which of the following AWS services is a better option to securely grant your application running on an EC2 instance access to a backend database running on Amazon RDS?

• A. Access keys
• B. IAM role
• C. IAM group
• D. Security group

Which format are IAM policy documents written in?

• A. JSON
• B. YAML
• C. XML
• D. JAVA

What best practice strategy should you follow when assigning permissions to IAM users and groups?

• A. Follow the principle of least privilege.
• B. Follow the principle of most privilege.
• C. Follow the ITIL principles.
• D. Follow the GDPR principle.

Which IAM service enables you to effectively manage users by creating a collection of them based on their job function and assigning them permissions according to their roles to the entire collective?

• A. IAM groups
• B. IAM policies
• C. IAM collection
• D. IAM roles

Which feature of IAM enables you to use your existing corporate Active Directory user credentials to log in to the AWS Management Console and therefore offer an SSO service?

• A. Identity federation
• B. IAM user database
• C. Active Directory users and computers
• D. MFA

Which AWS service enables you to generate and download a report that lists your IAM users and the state of their various credentials, including passwords, access keys, and MFA devices?

• A. AWS policies
• B. AWS Explorer
• C. Credentials report
• D. User report

Which AWS service is responsible for assigning and managing temporary credentials to entities that assume an IAM role?

• A. AWS Password Manager
• B. AWS Security Token Service
• C. AWS Credentials Manager
• D. AWS Credentials Report

Answer Key

1. A and B
2. B
3. A
4. B
5. A
6. A
7. A
8. A
9. C
10. B