AWS IAM Quiz

Intelligent Automation and Monitoring

Infrastructure and Asset Management

Identity and Access Management

Internet and Application Management

To provide storage for data in AWS.

To monitor the performance of AWS services.

To manage access to AWS services and resources securely.

To automate the deployment of applications in AWS.

Buckets and Objects

Roles and Policies

Users and Groups

Permissions and Access Keys

Shredding disk drives before they leave a datacenter

Patching the operating system with the latest security patches

Configuring the Security Group rules that determine which ports are open on the EC2 Linux instance

Installing camera systems to monitor the physical datacenters

Role-based access control (RBAC) is a method of managing access to resources in an organization based on permissions.

Role-based access control (RBAC) is a method of managing access to resources in an organization based on user names.

Role-based access control (RBAC) is a method of managing access to resources in an organization based on IP addresses.

Role-based access control (RBAC) is a method of managing access to resources in an organization based on roles.

IAM Username/Password

Access Key + Secret Key

HTTP header: X-Authen-Header

Federation (SAML, OIDC)

Using strong and unique passwords, enabling MFA, regularly reviewing and rotating access keys, using IAM roles for EC2 instances, granting least privilege access, monitoring IAM activity and logging, and reviewing and updating IAM policies.

Using weak and common passwords, disabling MFA, never reviewing or rotating access keys, not using IAM roles for EC2 instances, granting excessive privilege access, not monitoring IAM activity and logging, and never reviewing or updating IAM policies.

Using the same password for all IAM users, not enabling MFA, rarely reviewing and rotating access keys, not using IAM roles for EC2 instances, granting full access to all users, not monitoring IAM activity and logging, and never reviewing or updating IAM policies.

Using short and simple passwords, not considering MFA, never reviewing or rotating access keys, not using IAM roles for EC2 instances, granting unrestricted access to all users, not monitoring IAM activity and logging, and never reviewing or updating IAM policies.

Define the maximum available permissions for IAM entities in an account

SCPs do not grant permission

Attach SCPs to the organization root, OUs, and individual accounts

SCPs attached to the root and OUs apply to all OUs and accounts inside of them

IAM helps in securing AWS resources by providing encryption for data at rest.

IAM helps in securing AWS resources by automatically patching vulnerabilities.

IAM provides authentication, authorization, and access control for AWS resources.

IAM helps in securing AWS resources by monitoring network traffic.

Deny using all AWS resources outside EU regions

Allow using all AWS resources except EU

Deny using IAM, Organizations, Route53, Supports on regions outside EU

Allow using Route53 on region Singapore