Practice Test

True or False: Identity and Access Management (IAM) in AWS is used to manage access to AWS services and resources.

  • Answer: True

Explanation: AWS Identity and Access Management (IAM) lets you manage access to AWS services and resources securely.

Which of the following AWS services allows you to manage users and their access to AWS resources?

  • A. AWS CloudTrail
  • B. AWS IAM
  • C. Amazon S3
  • D. AWS Inspector

Answer: B. AWS IAM

Explanation: AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.

Federated identity management in AWS allows you to…

  • A. Create and manage AWS users and groups
  • B. Lock your AWS account if you fail to log in after multiple attempts
  • C. Use your corporate directory to grant permissions to AWS resources
  • D. All of the above

Answer: C. Use your corporate directory to grant permissions to AWS resources

Explanation: Federated identity management in AWS allows you to grant external identities (e.g., users in your corporate directory) permissions to AWS resources without having to create IAM users.

True or False: IAM roles are an AWS identity that you can create and link to your account.

  • Answer: False

Explanation: Roles are not tied to a specific user or group. Instead, trusted entities, such as IAM users, applications, or AWS services like EC2, assume roles.

AWS IAM supports which type of federation?

  • A. SAML 0
  • B. OpenID Connect
  • C. Both of the above
  • D. None of the Above

Answer: C. Both of the above

Explanation: AWS IAM supports identity federation using SAML 0 and OpenID Connect.

Multi-factor authentication (MFA) is used to add an extra layer of security to your AWS account. Which of the following does it require?

  • A. Password
  • B. Cellphone number
  • C. Both of the above
  • D. Something you know, something you have, something you are.

Answer: D. Something you know, something you have, something you are

Explanation: MFA security system requires more than one method of authentication from independent categories of credentials to verify the user’s identity.

AWS Cognito is used for which of the following?

  • A. User Identity and Data Synchronization
  • B. Deploy and scale web, mobile and API applications
  • C. Analyze Big Data
  • D. Operate Containerized Applications

Answer: A. User Identity and Data Synchronization

Explanation: Amazon Cognito provides authentication, authorization, and user management for web and mobile apps.

In AWS, IAM Policies are used for….

  • A. Billing Purposes
  • B. Managing Access to AWS resources
  • C. Both of the above
  • D. None of the above

Answer: B. Managing Access to AWS resources

Explanation: IAM policies are used to specify permissions and control access to AWS resources.

True or False: AWS IAM supports granularity for AWS resource permissions.

  • Answer: True

Explanation: IAM provides granular access control to AWS resources. You can assign unique credentials to every user and define the permissions for each user.

Which of the following is a benefit of Identity federation in AWS?

  • A. Reducing administrative overhead.
  • B. Improve cost efficiency.
  • C. Increase data processing speed.
  • D. Improve network connectivity.

Answer: A. Reducing administrative overhead.

Explanation: Identity Federation helps to reduce administrative overhead by removing the need to create IAM users.

Interview Questions

What is Identity Management in the context of AWS?

Identity Management refers to the process of managing user identities, their permissions and security credentials within an AWS environment. It involves the use of services like AWS Identity and Access Management (IAM) and AWS Security Token Service (STS).

What is Federated Identity Management?

Federated Identity Management refers to the agreement between multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all the enterprises in the group. In AWS, it involves services like AWS Single Sign-On (SSO) which enables users to sign in using their existing identity provider.

What is the principal use case for AWS IAM?

AWS IAM is primarily used to manage access to AWS services and resources securely. IAM enables you to create and manage AWS users and groups and grants the permissions required to allow or deny their access to AWS resources.

How does Federated Identity Management benefit businesses using AWS?

Federated Identity Management helps reduce the administrative overhead of managing multiple user identities and improves security by allowing users to use their existing identities to access AWS resources. It can help businesses with seamless integration and improved user experience.

What is the role of AWS Cognito in identity management?

AWS Cognito provides authentication, authorization, and user management for web and mobile apps. It allows users to sign in through social identity providers such as Google, Facebook, and Amazon, as well as through enterprise identity providers via SAML 2.0.

What is AWS Single Sign-On (SSO)?

AWS SSO is a cloud service that makes it easy to centrally manage access to multiple AWS accounts and business applications. With AWS SSO, users can sign in just once to access all their assigned accounts and applications from one user portal.

Can AWS IAM manage access to on-premises resources?

No, AWS IAM is specifically designed to manage access to AWS services and resources. For on-premises resources, other identity management solutions would be required.

How does AWS IAM work together with S3 bucket policies for access control?

IAM and S3 bucket policies work together to grant access. If either the IAM permission or the S3 bucket policy denies access, then the user will not have access to the S3 bucket. Both authorization mechanisms must allow access for the user to access the S3 resource.

Can AWS IAM roles be assumed by AWS services?

Yes, AWS IAM roles can be assumed by AWS services when you grant permissions to make AWS service requests in your account on your behalf.

What are IAM Policies in AWS?

IAM policies are objects in AWS that define permissions for an IAM entity (user or role). Policies determine what actions are allowed or denied for a particular resource.

What is AWS Security Token Service (STS)?

AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).

How can you control access to AWS resources?

Control over access to AWS resources can be managed through the use of IAM users, groups, and roles. You can specify what these entities are and aren’t allowed to do with defined policies.

What are the different types of AWS IAM roles?

AWS offers several types of IAM roles which include Service Roles, Delegation Roles, and Cross-Account roles. These roles are created for different services and use cases.

How does AWS handle Access Management?

AWS handles Access Management primarily through the use of IAM, which allows administrators to grant specific permissions to users, applications, and services to access AWS resources.

How can federated users access AWS resources?

Federated users access AWS resources through the use of the AWS Security Token Service (STS), federation endpoints, and temporary security credentials. They will sign in through a trusted identity provider and will be granted access based on the policies assigned.

Leave a Reply

Your email address will not be published. Required fields are marked *