AWS Certified Solutions Architect Associate 2020 – On (IAM & S3)

An application you are working on has a new app. The development team for this app requires access to a bucket that is located within your team's AWS account. The other team requires programmatic and console level access to your team's bucket. How would you share this bucket with this other team's account?

- Setting up a resource-based policy
- Setting up a shared IAM policy
- Setting up a Resource Based Access Control List (ACL)
- Setting up a cross account IAM Role

You have created a new AWS account for your company, and you have also configured multi-factor authentication on the root account. You are about to create your new users. What strategy should you consider in order to ensure that there is good security on this account?

- Require users only to be able to log in using biometric authentication.
- Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.
- Give all users the same password so that if they forget their password they can just ask their co-workers.
- Restrict login to the corporate network only.

Power User Access allows ____.

- Access to all AWS services except the management of groups and users within IAM.
- Users to inspect the source code of the AWS platform
- Full Access to all AWS services and resources.
- Read Only access to all AWS services and resources.

What is the default level of access a newly created IAM User is granted?

- Read-only access to all AWS services.
- Power user access to all AWS services.
- No access to any AWS services.
- Administrator access to all AWS services.

A __ is a document that provides a formal statement of one or more permissions.

- Group
- Policy
- User
- Role

In what language are policy documents written?

- Java
- Ruby
- Node.js
- JSON

Which of the following is not a component of IAM?

- Roles
- Groups
- Users
- Organizational Units

What level of access does the "root" account have?

- Administrator Access
- Power User Access
- No Access
- Read-only Access

What is an additional way to secure the AWS accounts of both the root account and new users alike?

- Configure the AWS Console so that you can only log in to it from your internal network IP address range.
- Implement Multi-Factor Authentication for all accounts.
- Configure the AWS Console so that you can only log in to it from a specific IP Address range
- Store the access key id and secret access key of all users in a publicly accessible plain text document on S3 of which only you and members of your organization know the address.

You are a security administrator working for a hotel chain. You have a new member of staff who has started as a systems administrator, and she will need full access to the AWS console. You have created the user account and generated the access key id and the secret access key. You have moved this user into the group where the other administrators are, and you have provided the new user with their secret access key and their access key id. However, when she tries to log in to the AWS console, she cannot. Why might that be?

- You have not applied the "log in from console" policy document to the user. You must apply this first so that they can log in.
- You have not yet activated multi-factor authentication for the user, so by default they will not be able to log in.
- Your user is trying to log in from the AWS console from outside the corporate network. This is not possible.
- You cannot log in to the AWS console using the Access Key ID / Secret Access Key pair. Instead, you must generate a password for the user, and supply the user with this password and your organization's unique AWS console login URL.

You have a client who is considering a move to AWS. In establishing a new account, what is the first thing the company should do?

- Set up an account via SNS (Simple Notification Service)
- Set up an account using their company email address.
- Set up an account using Cloud Search.
- Set up an account via SQS (Simple Queue Service).

A new employee has just started work, and it is your job to give her administrator access to the AWS console. You have given her a user name, an access key ID, a secret access key, and you have generated a password for her. She is now able to log in to the AWS console, but she is unable to interact with any AWS services. What should you do next?

- Ensure she is logging in to the AWS console from your corporate network and not the normal internet.
- Require multi-factor authentication for her user account.
- Tell her to log out and try logging back in again.
- Grant her Administrator access by adding her to an Administrators' group.

Which statement best describes IAM?

- IAM stands for Improvised Application Management, and it allows you to deploy and manage applications in the AWS Cloud.
- IAM allows you to manage permissions for AWS resources only.
- IAM allows you to manage users' passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.
- IAM allows you to manage users, groups, roles, and their corresponding level of access to the AWS Platform.

What is the default level of access a newly created IAM User is granted?

- Administrator access to all AWS services.
- Power user access to all AWS services.
- Read-only access to all AWS services.
- No access to any AWS services.

Every user you create in the IAM systems starts with ____.

- Inherited Permissions
- No Permissions
- Partial Permissions
- Full Permissions

You are a solutions architect working for a large engineering company that are moving from a legacy infrastructure to AWS. You have configured the company's first AWS account and you have set up IAM. Your company is based in Andorra, but there will be a small subsidiary operating out of South Korea, so that office will need its own AWS environment. Which of the following statements is true?

- You will need to configure Users and Policy Documents only once, as these are applied globally.
- You will need to configure your users regionally, however your policy documents are global.
- You will then need to configure Users and Policy Documents for each region, respectively.
- You will need to configure your policy documents regionally, however your users are global.

You are a developer at a fast-growing startup. Until now, you have used the root account to log in to the AWS console. However, as you have taken on more staff, you will need to stop sharing the root account to prevent accidental damage to your AWS infrastructure. What should you do so that everyone can access the AWS resources they need to do their jobs? (SELECT TWO)

- Create a customized sign-in link such as "yourcompany.signin.aws.amazon.com/console" for your new users to use to sign in with.
- Create an additional AWS root account for each new user.
- Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.
- Give your users the root account credentials so that they can also sign in.

Which of the following is not a feature of IAM?

- IAM allows you to set up biometric authentication, so that no passwords are required.
- IAM offers fine-grained access control to AWS resources.
- IAM offers centralized control of your AWS account.
- IAM integrates with existing active directory account allowing single sign-on.

When you create a new user, that user ____.

- Will be able to log in to the console only after multi-factor authentication is enabled on their account.
- Will be able to interact with AWS using their access key ID and secret access key using the API, CLI, or the AWS SDKs assuming programmatic access was enabled.
- Will only be able to log in to the console in the region in which that user was created.
- Will be able to log in to the console anywhere in the world, using their access key ID and secret access key.