IAM Quiz (shared flashcard set)

Description: quiz from a cloud guru
Cards: 31
Subject: Software
Level: Professional
Created: 08/01/2020
Cards

Term
Which kind of AWS IAM Policy would you use if you strictly want to attach the policy to a single user and be certain that it cannot be accidentally attached to any other user?
Definition
Inline Policy
Term
Which four things are returned by GetFederationToken when a user successfully logs in to AWS using their Active Directory credentials?
Definition
Access key, secret access key, session token, expiration.
Term
The root administrator has left your company. What should you do to ensure your AWS account is secure?
Definition
The following best practices are recommended in order to secure the root account: configure MFA, use a strong password and rotate it regularly, and delete the root access key and secret access key. It is also best practice to delete any account associated with a user who has left the company.
Term
Which of the following IAM Policies can you change to update them when the needs of your organization change?
Definition
AWS Managed Policies cannot be changed, only Customer Managed and Inline Policies can be changed and updated to reflect the needs of your organization.
Term
To which of the following entities can you attach an IAM Policy?
Definition
IAM Groups and IAM Roles
Term
Which of the following approaches would you use to enable an application running on EC2 to read objects located in an S3 bucket?
Definition
Create an IAM role with read access to the bucket and associate the role with the EC2 instance
Term
You have configured Cross Region Replication on your S3 bucket and would like to enforce the use of SSL. How would you approach this?
Definition
Do nothing, SSL is enabled by default when you configure Cross Region Replication
Term
Which of the following statements is correct in relation to S3 cross-region replication?
Definition
SSL is enabled by default
Term
What is a permissions boundary used for?
Definition
It is used to limit the maximum permissions for a user, group or role
Term
You have created an S3 bucket policy which denies access to all users. Later on you add an additional statement to the bucket policy to allow read-only access to one of your colleagues; however, even after updating the policy, your colleague is still getting an access denied message. What is the reason for this?
Definition
An explicit deny always overrides an allow, so access will be denied
Term
Last week you created a Vault Lock Policy to prevent archived files from being deleted unless they are over 2 years old. But now your CTO has changed their mind and only wants to keep the archives for 1 year. What is your recommended approach?
Definition
Go back to the CTO and explain that once the Vault Lock is in place, it cannot be changed
Term
Which of the following steps would you need to complete in order to configure Cross Region Replication where source and destination buckets are owned by different accounts?
Definition
The owner of the destination bucket must grant the owner of the source bucket permissions to replicate objects with a bucket policy.
Term
Which of the following policy types is created and managed completely by AWS?
Definition
AWS Managed Policy
Term
Which of the following policies work in combination to define who or what can access an S3 bucket?
Definition
S3 Bucket Policy and IAM policy
Term
You have created a website hosted in S3 and configured a CloudFront web distribution. Which steps do you need to take to force your users to access your site using CloudFront and not directly using the S3 URL?
Definition
Configure the bucket policy on your Amazon S3 bucket so that only the origin access identity has read permission for objects in the bucket
Select "Restrict Bucket Access" in the Origin Settings of your CloudFront Distribution
Create an origin access identity for your S3 origin
Term
Which of the following can you achieve using Amazon Cognito?
Definition
Federated access to your web application for Facebook users
Anonymous guest access to your web application
Term
You would like to restrict access to S3 across a number of different AWS accounts in your organization. Which AWS feature can you use to do this?
Definition
Service Control Policy
Term
You have created a new S3 bucket and you want to force users to use HTTPS when uploading objects to your bucket. Which approach should you use?
Definition
Configure a bucket policy which includes a condition statement which denies requests which do not use aws:SecureTransport
Term
The AWS STS API supports which of the following methods of access?
Definition
Cross Account Access
Active Directory Federation
Web Identity Federation
Term
You are configuring a CloudFront web distribution for your website hosted in S3. Your marketing team has already purchased a registered domain name that they would like to use for the new website. Which kind of SSL certificate would you use in this configuration?
Definition
Use a custom SSL certificate with the certificate stored in ACM in us-east-1
Term
Which of the following best describes a Glacier Vault?
Definition
A container which stores one or more Glacier archives
Term
What is meant by the "principal" in relation to AWS and permissions?
Definition
The principal specifies the user, account, service, or other entity that is allowed or denied access to a resource
Term
Which of the following is correct in relation to Service Control Policies?
Definition
They can only be used to limit permissions to AWS resources and
An SCP applies to all Organizational Units and accounts below the Organizational Unit to which it has been attached
Term
Which of the following does AWS IAM enable you to do?
Definition
Multi-Factor Authentication
Identity Federation with Web Identity providers
Manage user access to the AWS Console
Identity Federation with Active Directory
Term
Which feature of AWS would you use to configure consolidated billing, group your AWS accounts into logical groupings for access control, and attach Service Control Policies?
Definition
AWS Organizations
Term
Which AWS API gets called when a user accesses AWS using their Active Directory credentials?
Definition
Security Token Service
Term
Which of the following would you use to define the IAM permissions which specify what can be done and what actions can be taken against resources in your AWS environment?
Definition
IAM Policy
Term
Which of the following types of IAM Policy is created and administered by you and can be attached to multiple users, groups or roles within your account?
Definition
Customer Managed Policies
Term
How would you go about enforcing a mandatory 5-year retention policy on your Glacier archives?
Definition
Use a Vault Lock Policy which prevents any user from deleting archives which are less than 5 years in age
Term
Which of the following statements is correct in relation to user federation with Active Directory?
Definition
Users do not need to have IAM credentials and
The user must browse to the ADFS sign-in page
Term
Which of the following mechanisms would you use to apply fine grained permissions on an object in S3?
Definition
S3 ACL