
Identity and Access Management Questions

Practice questions for the Identity and Access Management topic in AWS Certified Security - Specialty. 40 questions covering this domain.

40 questions: 12 easy, 19 medium, 9 hard
Q1
easy

What is the primary purpose of a permissions boundary for an IAM user or role?

Q2
medium

A company enabled an external access analyzer in one AWS Region and expects it to monitor all supported resources in every Region. What is the correct...

Q3
medium

A company wants CloudTrail logs to reflect the actual workforce user who accessed downstream AWS managed applications through federated access. Which ...

Q4
hard

A team attaches a resource-based policy statement that uses `NotPrincipal` with `Deny` to a resource. Some IAM roles with permissions boundaries unexp...

Q5
medium

A platform team wants to generate least-privilege IAM policies based on access activity that has already occurred in the account. Which IAM Access Ana...

Q6
easy

Which statement about temporary security credentials from AWS STS is correct?

Q7
easy

A company wants one place to assign permissions to groups of workforce users across multiple AWS accounts. Which AWS service should the company use?

Q8
medium

A security team wants to identify Amazon S3 buckets and IAM roles in its organization that are shared with external entities through resource-based po...

Q9
medium

A global application is suffering unnecessary latency when requesting temporary credentials. Which AWS STS design choice can reduce latency without li...

Q10
hard

An IAM user has an identity-based policy that allows `iam:CreateUser`, but the user's permissions boundary allows actions only in Amazon S3, Amazon Cl...

Q11
easy

Which IAM construct lets an EC2 instance receive AWS API permissions through automatically rotated temporary credentials delivered by the instance met...

Q12
medium

A web application allows end users to sign in with social or SAML identity providers and needs to issue temporary AWS credentials for those users to a...

Q13
hard

A workload running on Amazon EKS needs short-lived AWS credentials that map specifically to the Kubernetes service account, without sharing the worker...

Q14
hard

A multi-account organization wants to grant a CI/CD pipeline running outside AWS access to deploy resources without storing long-lived IAM access keys...

Q15
medium

A security team wants to restrict the maximum permissions that an IAM role's session has when assumed by a specific application, narrowing them at Ass...

Q16
hard

An organization wants service control policies to allow only a specific list of AWS services across all member accounts. Which SCP strategy is the rec...

Q17
easy

Which IAM trust-policy condition key is recommended to mitigate the confused deputy problem when a third party assumes a role across accounts?

Q18
medium

A developer can launch EC2 instances but receives `AccessDenied` when assigning an instance profile to those instances. Which IAM action must the deve...

Q19
medium

A platform team wants federated workforce users to access many AWS accounts using attributes from their identity provider (such as department or cost ...

Q20
easy

Which AWS service securely shares specific AWS resources, such as Transit Gateways or Resolver rules, with other AWS accounts in an organization witho...
