Mastering AWS IAM Roles and Policies Quiz
martialdouble-t
Created 6/24/2024

Do you know the ins and outs of IAM roles and policies? Take this quiz to prove it!
1. What is the primary function of an IAM role in AWS?
To define user permissions
To provide long-term access keys
To enable users or services to assume different permissions for a task
To attach policies to specific resources
2. Which component can IAM policies NOT be attached to?
Users
Groups
Resources
AWS Regions
3. What happens if an IAM policy does not explicitly allow a request?
It is implicitly denied
It is implicitly allowed
It generates an error
It is prompted for manual approval
4. Which statement is true about IAM roles?
They are associated with a specific user
They allow the temporary granting of permissions
They require a password for access
They cannot be assumed by AWS services
5. Which of the following is NOT a criterion that AWS policies are based on?
Identity
Resources
Service Regions
Session policies
6. What service generates a time-limited set of access keys when a role is assumed?
Amazon S3
Amazon EC2
Security Token Service (STS)
AWS CloudFormation
7. Which of the following AWS services can use resource-based policies?
Amazon S3
Amazon EC2
AWS Elastic Beanstalk
AWS Lambda
8. In IAM, what is the default policy applied to all AWS users?
Explicit allow
Explicit deny
Implicit allow
Implicit deny
9. Which of the following is a best practice for managing AWS IAM policies?
Granting all users administrator access
Using the root account for everyday tasks
Adhering to the principle of least privilege
Avoiding the use of multi-factor authentication
10. What type of policy is used to enforce MFA usage across an organization?
Identity-based policy
Access control list (ACL)
Service control policy (SCP)
Permission boundary
11. What does an IAM policy's 'Effect' attribute define?
The specific resource affected
The service allowed or denied
The action taken on a resource
Whether the policy allows or denies access
12. An IAM policy's 'Statement' includes which of the following attributes?
Service, Role, User
Effect, Action, Principal
Region, Account, Permissions
Date, Time, Duration
13. Why are roles preferable to long-term credentials in AWS?
Roles simplify billing
Roles can be shared across AWS regions
Roles provide temporary access, reducing risk
Roles do not need any policies attached
14. For a request to be permitted in AWS IAM, which of the following must be true?
The request must come from a trusted IP address
The root user must make the request
All associated policies must allow the request
A manual approval must be issued
15. What is a common use case for cross-account access using IAM roles?
Configuring network settings between AWS regions
Managing AWS billing and budgets
Allowing one AWS account to access resources in another AWS account
Setting up Amazon RDS instances