You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A group allows you to add _____ to a group. A role allows you to add _____.
users
users and AWS resources
SAML stands for _____
Security Assertion Markup Language.
What permissions do new IAM users start with?
None
STS stands for _____, and is the service IAM roles use to rotate credentials.
Security Token Service
IAM role credentials are rotated every ____ by default
12 hours
Can IAM policies apply to a group?
Yes
The isolated cloud for government access only is called _____
GovCloud
Can one IAM role have multiple policies assigned?
Yes
Can you create multiple access IDs and secret keys for an IAM user?
Yes
An IAM _____ is a collection of statements that define who has what type of access.
Policy
IAM adopts the security principle of _____ privilege.
least
IAM grants access to _____
Resources
AWS _____ provides temporary, limited credentials for authenticated or unauthenticated users, without having to manage any backend infrastructure.
Cognito
IAM managers _____, _____ and _____.
users, groups and roles
A _____ is a document that provides a formal statement of one or more permissions.
Policy
I can enable multifactor authentication by using
IAM
New IAM users have a _____ ID and _____ Key automatically generated for them.
Access Key ID
Secret Access Key
You have created a system administrator account. To allow it access to the AWS console, it also needs a _____ generated for it.
password
Can an IAM policy specify access to a resource by IP range?
Yes
IAM policies save up to ____ versions of your policies
5
ISMS stands for _____ and is a collection of information security policies and processes for your organization’s assets on AWS.
Information Security Management System
Can IAM policies restrict by time of day?
Yes
After 3 unsuccessful attempts to access an HSM partition with HSM Admin credentials, the HSM partitions are _____
erased
To get a report of credentials in your AWS infrastructure, you could download a _____ from IAM.
Credential Report
A solution to enable access to files on an S3 bucket, with ability to rotate credentials could be built with an _____ for the bucket and an identity based on the _____.
IAM policy
Security Token Service
You've deleted an IAM user. What happens to the user's access keys and signing certificates?
They are automatically deleted
Is there a limit to how many groups a user can be in?
Yes - unless it is a root user.
In IAM, _____ are collections of permissions.
Roles
Can IAM policies define access to specific API calls?
Yes
SAML stands for...
Security Assertion Markup Language
You can _____ an IAM policy to quickly see what it allows.
simulate
AWS _____ is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.
CloudHSM
Can CloudHSM keys be accessed by AWS employees?
No
Can you enforce Multi-Factor Authentication via an IAM access policy?
Yes
Can you achieve single sign-on with by integrating IAM into your Active Directory/LDAP?
Yes
The two AWS permission types are _____-based and _____-based.
User-based and Resource-based
Can a user be associated with multiple AWS accounts?
No
A non-root IAM user can be a part of _____ groups maximum.
10
The _____ IAM policy template gives the "Admins" group permission to access all account resources.
Administrator Access
How many MFA devices can a user have in AWS by default?
1
Does IAM integrate with Active Directory?
Yes
Can IAM handle Single Sign-on?
Yes
Can IAM manage fine-grained access control to AWS resources?
Yes
Does IAM allow you to create a password rotation policy?
Yes
Does IAM provide policy templates for automatically assigning permissions to groups?
Yes