Practice Test

True or False: AWS Identity and Access Management (IAM) is a web service from Amazon Web Services that controls who is authenticated and authorized to use AWS resources.

  • True
  • False

Answer: True.

Explanation: Yes, Amazon IAM enables you to manage access to AWS services and resources securely.

Select the correct statement about AWS Single Sign-On (SSO):

  • a. AWS SSO allows for centralized management and use of multiple AWS accounts only.
  • b. AWS SSO can integrate with other AWS identity services.
  • c. AWS SSO does not provide fine-grained access control to AWS resources.

Answer: b. AWS SSO can integrate with other AWS identity services.

Explanation: AWS SSO simplifies AWS account management by enabling you to access all of your AWS accounts through a single user portal. It can integrate with other AWS identity services for centralized identity and access management.

An AWS IAM role enables you to:

  • a. Delegate access permissions to AWS services or users
  • b. Generate access keys for the root user
  • c. Assign permissions directly to an IAM user

Answer: a. Delegate access permissions to AWS services or users.

Explanation: An IAM role is an AWS identity with permission policies that determine what the identity can and can’t do in AWS. You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources.

True or False: In IAM, when you create a role, you need to create a new set of credentials.

  • True
  • False

Answer: False.

Explanation: Roles do not have standard long-term credentials (password or access keys) associated with them. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.

Which of the following is NOT a feature of IAM?

  • a. Sharing access without sharing passwords
  • b. Centralized control of AWS account
  • c. Possibility to grant unlimited permissions to all users

Answer: c. Possibility to grant unlimited permissions to all users.

Explanation: IAM provides the option to grant only the necessary access to users but does not endorse granting unlimited permissions to all users.

True or False: AWS SSO supports SAML

  • True
  • False

Answer: True.

Explanation: AWS SSO integrates with several business applications that support SAML 2.0 for single sign-on.

IAM groups are primarily used for:

  • a. Grouping EC2 resources
  • b. Grouping IAM users
  • c. Grouping S3 buckets

Answer: b. Grouping IAM users.

Explanation: IAM groups are used to collectively manage users who require the same set of permissions.

What does AWS Federated Access enable?

  • a. It allows users to switch between AWS accounts without having to sign out and sign in each time.
  • b. It allows integration with your company’s existing directory and access to the AWS Management Console.
  • c. It allows the creation of IAM groups and users.

Answer: b. It allows integration with your company’s existing directory and access to the AWS Management Console.

Explanation: AWS Federated Access enables you to use your organization’s existing identity systems with AWS.

True or False: IAM policies define what actions are allowed or denied on what AWS resources.

  • True
  • False

Answer: True.

Explanation: IAM policies are documents that define permissions and can be applied to users, groups, and roles.

True or False: AWS IAM provides resource-based policies but not identity-based policies.

  • True
  • False

Answer: False.

Explanation: AWS IAM provides both identity-based policies (attached to IAM identities) and resource-based policies (attached to AWS resources).

IAM is a regional service in AWS. True or False?

  • True
  • False

Answer: False.

Explanation: IAM is a global service in AWS. There is no need to select a region for IAM in the AWS console.

AWS SSO requires Multi-Factor Authentication. True or False?

  • True
  • False

Answer: True.

Explanation: AWS SSO integrates with AWS Organizations for automated, policy-based employee access, with multi-factor authentication (MFA) built in.

AWS IAM supports how many types of access control policies?

  • a. 2
  • b. 3
  • c. 4

Answer: a. 2

Explanation: IAM supports both identity-based policies and resource-based policies.

If a user has 2 policies attached, one that allows access to an action and another that denies it, what will the decision be?

  • a. Deny
  • b. Allow

Answer: a. Deny

Explanation: In AWS IAM, an explicit Deny always overrules any Allows.

True or False: IAM users start with full permissions in AWS?

  • True
  • False

Answer: False.

Explanation: When you first create new users in IAM, they do not have any permissions. Users start with no permissions, and you must explicitly give them what they need.

Interview Questions

What is AWS IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

What does AWS Single Sign-On (SSO) service provide?

AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to all of your AWS accounts and cloud applications. It lets users sign in to any of their accounts and applications from one place.

How does federated access work in AWS IAM?

Federated access in AWS IAM allows you to associate external identities with IAM roles. This type of access enables you to manage access to your AWS resources without having to create IAM users.

What is the purpose of IAM policies in AWS?

IAM policies are objects in AWS that, when associated with an identity or resource, define their permissions. IAM policies determine what actions are allowed or denied on what AWS resources.

How are IAM roles used in AWS?

IAM roles are AWS identities with permission policies that determine what the identity can and cannot do in AWS. You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources.

What features does AWS provide to secure access to AWS resources?

Some of the security features provided by AWS include IAM for user and access management, AWS Single Sign-On for easy access to AWS accounts and applications, MFA for enhanced security, and AWS Directory Service to integrate corporate directories.

Can you assign AWS IAM policies at the group level?

Yes, you can attach policies to IAM groups. All users in that group automatically inherit the permissions specified in the policies.

Can IAM roles be assumed by AWS services such as EC2 instances?

Yes, IAM roles can be assumed by AWS services such as EC2 instances. This gives the services the permissions they need to make other API requests.

How does AWS Single Sign-On interplay with AWS IAM?

AWS Single Sign-On works with AWS IAM by providing a way to manage SSO access to multiple AWS accounts and business applications. It uses IAM to assign permissions that determine what actions can be performed on which AWS resources.

What are AWS IAM roles?

IAM roles are a secure way to grant permissions to entities that you trust. Instead of sharing your AWS security credentials, you can grant permissions to other AWS accounts, AWS services, or applications running on AWS to access your resources.
