1.What best describes an IAM role?
A. A role is used when configuring multi-factor authentication.
B. A role is a policy that determines an IAM user’s access to AWS resources.
C. A role is something that a user, application or service can “assume” to receive temporary security credentials that provide access to a resource.
D. A role is a policy that is applied directly to an AWS resource, such as an EC2 instance.
Correct Answer : C
2.You work for a large consulting firm that has just hired a junior consultant, named Jessica, who will be working on a large AWS project. She will be working remotely and, therefore, is not present in the office. You create a new IAM user for her named “Jessica” in your company’s AWS account. On Jessica’s first day, you ask her to make a change to a CloudWatch alarm in an Auto Scaling group. Jessica reports back that she does not have access to CloudWatch or Auto Scaling in the AWS console. What is a possible explanation for this?
A. Only IAM account admins can make changes to Auto Scaling groups.
B. Because she is working remotely, she would need to SSH into the instances in the Auto Scaling group via her terminal to make the changes
C. You have not added the appropriate IAM permissions and access policies to her IAM user.
D. When you created the new user, you forgot to assign access keys.
Correct Answer : C
3.Which of the following are managed using IAM? (Choose 2)
A. Multi-Factor Authentication
B. Bucket Policies
C. Billing Reports
Correct Answer: A, D
4.When requested through an STS API call, credentials are returned with what components?
A. Signed URL, Security Token, Username
B. Security Token, Access Key ID, Secret Access Key, Expiration
C. Security Token, Secret Access Key, Personal Pin Code
D. Security Token, Access Key ID, Signed URL
Correct Answer: B
5.API Access Keys are required in which scenarios below? (Choose 2)
A. Retrieving data from an ElastiCache cluster.
B. On premise servers connecting to RDS databases
C. AWS CLI
D. Windows PowerShell
E. Managing AWS resources through the AWS console
Correct Answer: C and D
6.You would like to use STS to allow end users to authenticate from third-party providers such as Facebook, Google, and Amazon. What is this type of authentication called?
A. Web Identity Federation
B. Cross-Account Access
C. Enterprise Identity Federation
D. Commercial Federation
Correct Answer: A
7.Which of the following is NOT required as part of AWS’s suggested “best practices” for new accounts?
A. Delete the root account
B. Create individual IAM users
C. Use user groups to assign permissions
D. Apply an IAM password policy
Correct Answer: A
8.You have hired an engineer, Kathy Johnson, and have created an IAM user for her in the company’s AWS account. She will be overseeing the company’s DynamoDB database, so you attached the “AmazonDynamoDBFullAccess” IAM Policy to her IAM user. Six months later, Kathy was promoted to a manager and you added her to the “Managers” IAM group. The “Managers” group does not have the “AmazonDynamoDBFullAccess” policy attached to it. What will happen to Kathy’s DynamoDB access?
A. It is not possible for an IAM group to have IAM permission policies, they need to be placed at the user level
B. Nothing, as an IAM user can have multiple IAM permission policies attached to them at the same time, either directly to the user or through an associated IAM group. The multiple policies are combined and evaluated together.
C. Only one IAM policy can be attached to a user at a time. You need to create another IAM user for her to use for her to perform her DynamoDB activities.
D. You would need to remove the DynamoDB policy from her IAM user and add it to the manager’s group policy
Correct Answer: C
Want to pass AWS Certified Solutions Architect – Associate Level (2018)? Join https://linuxacademy.com