Which of the following are you responsible for?
- Networking
- Data security (Ans)
- Storage
- Compute
The root account can be restricted by permissions.
- False (Ans)
- True
When a user is moved from one group to another group, what happens to their permissions?
- They get the permissions from both groups if the groups are nested; if groups are not nested, they get permissions from the group into which they are moved.
- They recieve the permissions for the new group and lose the permissions of the original group. (Ans)
- Users can’t be moved between groups.
- Users can’t belong to groups.
To troubleshoot policy problems, use __.
- Policy Simulator (Ans)
- Policy Verifier
- Policy Tester
Roles can be used by IAM users in different AWS accounts.
- True (Ans)
- False
To access the full set of Trusted Advisor capabilities, you must have:
- Basic support or higher
- Business support or higher (Ans)
- Enterprise support or higher
- Developer support or higher
Which of the following AWS Directory Service offerings supports LDAPS?
- Enterprise AD (Ans)
- Simple AD
- LDAP
- AD Connector
- AD Redirector
Which of the following requires an agent in an EC2 instance to gather the data it reports on?
- Amazon Inspector (Ans)
- Cloud Trail
- Access Advisor
- Credential Report
- Trusted Advisor
Which of the following is NOT an available AWS Directory Service offering?
- LDAP (Ans)
- AD Connector
- Simple AD
You have two applications in development by your internal software developers team. Some developers are assigned to App A and some to App B and a few to both. You also have some general permissions that you want to apply to all software developers.What is the simplest way to manage security while meeting the needs of each developer and the company?
- Create three groups. Nest the App A and App B groups in the software group.
Assign the developers’ IAM users to the appropriate App group based on the project they are working on. Assign permissions as required. - Create three groups. Place all the developers’ IAM users in the developer group and add them to their individual groups as needed. Assign permissions to each group as required. (Ans)
- Groups are not used with IAM users. Assign the permissions required for each developer’s IAM user account directly.
- Create two groups because users can only belong to one group at a time.
Assign the developers’ IAM users to the appropriate groups and assign all the software developer permissions to both groups and then assign
the individual app permissions to the two groups as required.
When an application needs access to another resoiurce in AWS, such as a DynamoDB Table or a S3 Bucket, the best way to provide the needed credentials is to:
- Enter the credentials directly in the application for an IAM user.
- Enter the credentials directly in the application for an IAM role.
- Make the resource publicly available so the application can access it.
- Assign the EC2 instance a role that has the necessary permissions. (Ans)
- Nothing, this is automatic in AWS.
Which policy type(s) can be associated with IAM users and IAM roles?
- Inline
- None of these – policies can’t be assigned to roles.
- AWS Managed (Ans)
- All of these
- Customer Managed
Which of the following policy types can be versioned and rolled back if necessary?
- System Managed Policy
-Inline Policy
- AWS Managed Policy
- Customer Managed Policy (Ans)
Which of the following services is used to associate a role with a federated user?
- Security Role Association Service (SRAS)
- Federated Role Service (FRS)
- Amazon Federation Service (AFS)
- Security Token Service (STS) (Ans)
Which of the following is NOT part of a policy statement?
- Conditions
- What (Ans)
- Where
- Who
- Effect
Access keys should NOT be…
- assigned to roles.
- hard coded in applications. (Ans)
- rotated regularly.
- assigned to users.
IAM users should be created for:
- Groups of users based on role or project they are working on
- Each user in the company
- Each user that needs access to AWS resources (Ans)
To receive notifications of Cloud Trail auditing data updates, use it in conjunction with which of these?
- SNS (Ans)
- SES
- SQS
- S3
Roles can be required to have users authenticated with MFA to be usable.
- True (Ans)
- False
An inline policy can be associated with multiple objects.
- False (Ans)
- True
- Gradle versions, their supported Java versions, and unsupported Java versions - December 23, 2024
- An Introduction of GitLab Duo - December 22, 2024
- Best Hospitals for affordable surgery for medical tourism - December 20, 2024