AWS Certification glossary quiz: IAM

I also keep getting stuck on IAM and key related questions so here's a quiz on IAM.

Qn1 One of two possible outcomes (the other is deny) when an IAM access policy is evaluated. When a user makes a request to AWS, AWS evaluates the request based on all permissions that apply to the user and then returns either deny or this one.

alarm
permit
true
allow

Qn2 A web service that enables Amazon Web Services (AWS) customers to manage users and user permissions within AWS.


AWS user service (AUS)
AWS customer service (ACS)
AWS access management (AAM)
AWS Identity and Access Management (IAM)

Qn3: An IAM managed policy that is created and managed by AWS.

AWS management
AWS policy
AWS IAM policy
AWS managed policy

Qn4: A web service for requesting temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).


AWS credential service (AWS ACS)
AWS token service (AWS TS)
AWS IAM service (AWS IAM)
AWS Security Token Service (AWS STS)

Qn5: IAM: Any restriction or detail about a permission. D in the statement "A has permission to do B to C where D applies."

restriction
detail
where clause
condition

Qn6 The process of permitting limited, controlled use of resources in one AWS account by a user in another AWS account. In IAM you use a role to delegate temporary access to a user in one account to resources in another.

limited access
foreign access
role delegation access
cross-account access

Qn7: An IAM managed policy that you create and manage in your AWS account.

own policy
account policy
create policy
customer managed policy

Qn8: Allows individuals to sign in to different networks or services, using the same group or personal credentials to access data across all networks. Allows external identities to be granted secure access to resources in an AWS account without having to create IAM users. These external identities can come from a corporate identity store (such as LDAP or Windows Active Directory) or from a third party (such as Login with Amazon, Facebook, or Google). AWS federation also supports SAML 2.0.

network management
service management
SAML management

federated identity management (FIM)

Qn9: A collection of IAM users. You can use them with IAM to simplify specifying and managing permissions for multiple users.

IAM collection

multiple user permissions

IAM users

group

Qn10 An IAM entity that holds metadata about external identity providers.

IAM metadata

IAM external data

IAM entity

identity provider (IdP)

Qn11: An IAM policy that is embedded in a single IAM user, group, or role.

user policy

internal policy

outline policy

inline policy

Qn12: IAM: In a policy, a specific characteristic that is the basis for restricting access (such as the current time, or the IP address of the requester).

policy

restricted access

basic policy

key

TODO Check this, I can't find it in the IAM docs!!!

Qn13 A standalone IAM policy that you can attach to multiple users, groups, and roles in your IAM account. Can either be AWS managed (which are created and managed by AWS) or customer managed (which you create and manage in your AWS account).

standalone policy

group policy

IAM policy manager

managed policy

Qn14: IAM: A document defining permissions that apply to a user, group, or role; the permissions in turn determine what users can do in AWS. Typically allows access to specific actions, and can optionally grant that the actions are allowed for specific resources, like EC2 instances, Amazon S3 buckets, and so on. Can also explicitly deny access.

permissions

allows

grants

policy

Q15: An entity that users can work with in AWS, such as an EC2 instance, an Amazon DynamoDB table, an Amazon S3 bucket, an IAM user, an AWS OpsWorks stack, and so on.

thing

worker

entity

resource

Qn16: A key that is used in conjunction with the access key ID to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and prevents the request from being altered. You can them for your AWS account, individual IAM users, and temporary sessions.

programmatic key

signed key

sender key

secret access key

Qn17: An IAM role that grants permissions to an AWS service so it can access AWS resources. The policies that you attach to it determine which AWS resources the service can access and what it can do with those resources.

permissions role

granted role

selector role

service role

Qn18: An IAM policy that is an inherent part of an IAM role. It specifies which principals are allowed to use the role.

signed policy

principal policy

allow policy

trust policy

THE END

THE END

THE END

THE END

THE END

Answers below...

If you havn't already noticed the last answer is the correct answer.

And a reminder: The 3 principals that can authenticate and interact with AWS resources are: The root user, IAM users (and applications?), and roles.