Practice Test

True or False: Role-based access control (RBAC) allows the system administrators to control access to resources based on the user roles in an organization.

  • True
  • False

Answer: True

Explanation: RBAC allows administrators to control who has access to what within a system by setting roles based on job functions.

In AWS, what type of policy should you use to manage permissions for all users within an AWS account?

  • A. Identity-based policies
  • B. Resource-based policies
  • C. Permission boundaries
  • D. Portfolio policies

Answer: A. Identity-based policies

Explanation: Identity-based policies are attached to an identity (a user, group of users, or a role). They can grant or deny access to AWS products and resources.

What is a security principle of the Role-Based Access Control (RBAC) model in AWS?

  • A. Principle of least privilege
  • B. Principle of maximum privilege
  • C. Principle of the middle-ground privilege
  • D. None of the above

Answer: A. Principle of least privilege

Explanation: Under the RBAC model, the principle of least privilege is applied. It means granting only those rights that are essential to perform job duties.

True or False: In AWS, when you assume a role, you give up your original user permissions.

  • True
  • False

Answer: False

Explanation: When you assume a role in AWS, you temporarily take on the permissions that the role grants, but your original user permissions are not affected.

Which of the following is a common pattern of IAM role usage in AWS?

  • A. Delegation of permissions
  • B. EC2 instance profiles
  • C. Cross-account access
  • D. All of the above

Answer: D. All of the above

Explanation: All given options are common patterns of IAM role usage in AWS.

True or False: The least privilege principle recommends that systems should always operate at their highest level of access at all times.

  • True
  • False

Answer: False

Explanation: The principle of least privilege advises that systems should operate at the minimum level of access required to complete the task they are designed for.

In AWS, who can assume a role?

  • A. Any person with AWS credentials
  • B. Any AWS resource
  • C. Both A and B
  • D. None of the above

Answer: C. Both A and B

Explanation: A role can be assumed both by user accounts with AWS credentials and by AWS resources that request access.

Which of the following can be used to control the actions and resources the role can use after assuming the role?

  • A. Permission policies
  • B. Trust policies
  • C. Access policies
  • D. Both A and B

Answer: A. Permission policies

Explanation: Permission policies control the actions and resources the role can use.

True or False: Expected access patterns in AWS IAM policies are optional.

  • True
  • False

Answer: False

Explanation: Expected access patterns in AWS IAM policies are not optional; they are important as they define which AWS service operations the identity (user or role) can perform.

True or False: RBAC focuses on what a subject can do implicitly, without regard for the subject’s understanding of what they are doing.

  • True
  • False

Answer: False

Explanation: RBAC focuses on assigning system access by job function or role, not implicitly on what a subject can do without understanding.

Which AWS feature allows you to grant an AWS service(s) permissions to use resources in your account?

  • A. IAM roles
  • B. IAM policies
  • C. AWS Config
  • D. AWS Lambda

Answer: A. IAM roles

Explanation: IAM Roles allow you to give permissions to an AWS service(s) to use resources in your account.

What is a key benefit of AWS IAM roles?

  • A. Reduced administration overhead
  • B. Increased security
  • C. Delegation of permissions
  • D. All of the above

Answer: D. All of the above

Explanation: IAM roles in AWS reduce administrative overhead, increase security, and allow for the delegation of permissions.

True or False: An IAM user can be a permanent entity in AWS.

  • True
  • False

Answer: True

Explanation: IAM users are permanent entities in AWS. You would set up an IAM user when you have regular tasks that require AWS permissions.

In AWS, how often does the user’s security credentials get rotated?

  • A. Every time they sign in
  • B. Every time they access an AWS service
  • C. Whenever the administrator feels necessary
  • D. None of the above

Answer: C. Whenever the administrator feels necessary

Explanation: In AWS, security credentials for a user can be changed, or rotated, as often as the administrator feels necessary.

True or False: IAM Roles can be used to share resources between different AWS accounts.

  • True
  • False

Answer: True

Explanation: IAM Roles can be used to delegate permissions to IAM users in another AWS account, which makes it easy to share resources securely.

Interview Questions

What is Role-based Access Control (RBAC) in AWS?

Role-based Access Control (RBAC) in AWS is a security and authorization model that works by assigning permissions to AWS IAM roles that are then assumed by users, applications, or services.

What are expected access patterns in the context of AWS?

Expected access patterns describe how an application will interact with its data. They include things like how frequently data items are read and written, the relationships among data items, and anticipated query patterns.

How is RBAC different from discretionary access control (DAC)?

Unlike DAC, where access to a system is granted based on the user’s identity, RBAC assigns permissions to specific roles, and then users or services are assigned to these roles, thus obtaining the permissions assigned to the roles.

What tool would you use to manage Role-based Access Control in AWS?

AWS Identity and Access Management (IAM) is the tool you use to manage Role-Based Access Control.

Can an IAM user have multiple roles in AWS RBAC?

An IAM user can assume multiple roles, but they can only assume one role at a time. To switch between roles, they need to “give up” the current role and assume the new one.

What are the two primary components of RBAC?

The two primary components of RBAC are roles and permissions. Roles are assigned directly to single users or groups of users, while permissions are attached to roles to define what actions are allowed or denied.

How do access patterns affect query performance in Amazon DynamoDB?

Choosing the right access patterns has a big effect on data retrieval and query performance in DynamoDB. Optimal access patterns reduce the need for consuming excessive read or write capacity, support high request rates, and minimize costs.

What is the relation between RBAC and AWS IAM policies?

AWS IAM policies define permissions and can be attached to IAM roles in the RBAC model. These permissions control what actions are allowed or denied for the IAM role.

How do you secure data in S3 using RBAC?

To secure data in S3 using RBAC, you would use AWS IAM roles and policies. You would create a role, attach policies defining required permissions, and then assign users or groups to that role.

How do you manage an AWS IAM user’s access to a specific EC2 instance using RBAC?

In RBAC, you can control access to EC2 instances by attaching IAM policies to IAM roles defining permissions for EC2 actions and then allowing a user to assume that role.

What is least privilege principle in RBAC?

The least privilege principle recommends that a user should be given the least amount of privileges necessary to complete their job function. This is to minimize the damage that can accrue from errors or malicious intent.

What do we mean by fine-grained access control in AWS?

Fine-grained access control in AWS deals with granting permissions to access specific resources or take detailed-level actions. For example, granting a user permissions to access specific S3 buckets, or specific operations within an EC2 instance.

What are the basic rules for designing access patterns for Amazon DynamoDB?

The basic rules include understanding your application’s workload and traffic patterns, designing your schema based on these knowledge, using secondary indexes to retrieve data in different ways, and choosing the right consistency model.

How does AWS IAM support Role-Based Access Control?

AWS IAM supports RBAC by allowing creating roles, assigning permissions to roles via the IAM policies, and then assigning users or AWS services to these roles.

Can you assign IAM policies directly to AWS resources for access control?

No, in AWS, IAM policies are not assigned directly to resources. Rather, they are attached to IAM roles or users, which are then assigned permissions to access resources.

Leave a Reply

Your email address will not be published. Required fields are marked *