AWS Identity and Access Management (IAM) enables you to manage access to
AWS services and resources securely. Using IAM, you can create and manage
AWS users and groups, and use permissions to allow and deny their access to
AWS resources.
1. What is the primary purpose of AWS IAM?
a. Infrastructure management
b. Identity and access management
c. Data storage
d. Network configuration
Answer: bIdentity and
access management
Explanation: AWS IAM is a web service that helps you securely control access to AWS resources. It enables you to create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources. AWS IAM Overview
Explanation: AWS IAM is a web service that helps you securely control access to AWS resources. It enables you to create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources. AWS IAM Overview
2.What is the maximum number of IAM users you can have in an AWS account
by default?
a. 10
b. 50
c. 100
d. Unlimited
Answer: c. 100
Explanation: By default,
AWS allows you to create up to 100 IAM users in an AWS account.Limitations on IAM Entities and Objects
3. What is the minimum information required to create an IAM user?
a. Username
b. Email address
c. Full name
d. Both a and b
Answer: a. Username
Explanation: The minimum
information required to create an IAM user is the username. Creating an IAM User
4. Which AWS service is responsible for federated access to AWS
resources?
a. AWS IAM
b. AWS S3
c. AWS STS
d. AWS EC2
Answer: c. AWS STS
Explanation: AWS Security
Token Service (STS) is responsible for federated access to AWS
resources. It provides temporary security credentials for users outside
of AWS accounts. AWS Security Token Service (STS)
5. What is the purpose of an IAM role?
a. To define a set of permissions for an IAM user
b. To define a set of permissions for an EC2 instance
c. To define a set of permissions for an S3 bucket
d. To define a set of permissions for an RDS database
Answer: b. To define a set of permissions
for an EC2 instance
Explanation: IAM roles are used to grant permissions to entities, in this
case, EC2 instances, to access other AWS resources. IAM Roles
6. Which AWS service allows you to grant temporary access to your AWS
resources to users outside your AWS account?
a. AWS S3
b. AWS IAM
c. AWS STS
d. AWS EC2
Answer: c. AWS STS
Explanation: AWS Security
Token Service (STS) allows you to grant temporary access to your AWS
resources to users outside your AWS account. AWS Security Token Service (STS)
7. What is the purpose of an IAM policy?
a. To define IAM users
b. To define IAM roles
c. To define permissions for users and resources
d. To define network configurations
Answer: c. To define
permissions for users and resources
Explanation: IAM policies
are used to define permissions for users, groups, and roles to access
AWS resources. IAM Policies
8. How are IAM policies associated with IAM users, groups, or roles?
a. Inline policies
b. Managed policies
c. Both a and b
d. Policies are not associated with users, groups, or roles
Answer: c. Both a and
b
Explanation: IAM policies can be attached inline or managed. Inline policies are
embedded directly within a user, group, or role, while managed policies
are standalone policies. Managed Policies and Inline Policies
9. What is the IAM policy language called?
a. AWS Query Language
b. AWS Policy Language
c. JSON Policy Language
d. IAM Policy Syntax
Answer: c. JSON Policy
Language
Explanation: The IAM
policy language is JSON-based and is used to define permissions. IAM
JSON Policy Elements: Reference
10.How often does AWS recommend rotating access keys for IAM
users?
a. Every 30 days
b. Every 60 days
c. Every 90 days
d. Access keys do not need rotation
Answer: b. Every 60
days
Explanation: AWS
recommends rotating access keys for IAM users every 60 days for
security reasons. Rotating Access Keys
11.What is the purpose of an IAM group?
a. To organize IAM users
b. To define IAM roles
c. To assign policies to multiple users at once
d. To create cross-account access
Answer: c. To assign
policies to multiple users at once
Explanation: IAM
groups allow you to organize IAM users and assign policies to
multiple users simultaneously. Working with IAM Groups
12.Which AWS service allows you to enable multi-factor
authentication (MFA) for IAM users?
a. AWS IAM
b. AWS S3
c. AWS EC2
d. AWS Lambda
Answer: a. AWS IAM
Explanation: AWS IAM
is the service that enables multi-factor authentication (MFA) for
IAM users. Using Multi-Factor Authentication (MFA) in AWS
13.What is the maximum number of IAM roles that can be assumed
by a single IAM user at the same time?
a. 1
b. 5
c. 10
d. 25
Answer: c. 10
Explanation: A single
IAM user can assume up to 10 IAM roles at the same time. IAM Roles
14.How are IAM users authenticated by default?
a. Username and password
b. API key
c. Access key and secret key
d. IAM users are not authenticated
Answer: c. Access key
and secret key
Explanation: IAM
users are authenticated using access key and secret key pairs.
Authentication and Access Control for AWS Systems
15.What is the purpose of the AWS Organizations service in the
context of IAM?
a. To manage IAM users
b. To organize AWS accounts into a hierarchy
c. To enable cross-account access
d. To create IAM policies
Answer: b. To
organize AWS accounts into a hierarchy
Explanation: AWS
Organizations is used to organize AWS accounts into a hierarchy,
not specifically for IAM purposes. AWS Organizations
16.How can IAM be used to control access to resources based on
tags?
a. By using IAM policies
b. By using IAM roles
c. By using IAM conditions
d. By using AWS Organizations
Answer: a. By using
IAM policies
Explanation: AWS IAM
allows you to configure fine-grained permissions for your
resources based on tags. Controlling Access to Resources Using Tags
17.How can IAM access for the AWS Management Console be
enabled?
a. By creating IAM roles
b. By creating IAM policies
c. By configuring IAM users
d. IAM access is always enabled by default
Answer: a. By
creating IAM roles
Explanation: IAM
roles can be used to enable IAM access for the AWS Management
Console. Creating IAM Roles
18.What information is provided by the IAM credential
report?
a. List of IAM users
b. List of IAM groups
c. List of IAM roles
d. List of access keys and their status
Answer: d. List of
access keys and their status
Explanation: The IAM
credential report provides information about IAM users, including
the status of their access keys. IAM Credential Reports
19.How can IAM roles be used to grant temporary access to AWS
resources to a third-party without sharing AWS security
credentials?
a. By using IAM users
b. By using IAM roles
c. By using IAM policies
d. By using IAM groups
Answer: b. By using
IAM roles
Explanation: IAM roles are used to grant temporary access to your AWS
resources to a third-party without sharing your AWS security
credentials. IAM Roles
20.How is a virtual MFA device set up for an IAM user?
a. By using AWS S3
b. By using AWS IAM
c. By using AWS EC2
d. By using AWS Lambda
Answer: b. By using
AWS IAM
Explanation: AWS
Identity and Access Management (IAM) is used to set up and
configure a virtual MFA device for IAM users. Enabling a Virtual MFA Device
21.What is the purpose of the "IAM Access Analyzer" in AWS?
a. To analyze IAM user login activity
b. To analyze access patterns of IAM roles
c. To analyze permissions granted to AWS resources
d. To analyze IAM policy conditions
Answer: c. To
analyze permissions granted to AWS resources
Explanation: IAM
Access Analyzer is a service that analyzes permissions granted
using policies attached to AWS resources. IAM Access Analyzer
22.How can you allow an IAM user to manage their own
password?
a. By attaching the "IAMSelfManagePassword" policy
b. By enabling multi-factor authentication (MFA)
c. By configuring password policies
d. IAM users can always manage their own passwords
Answer: d. IAM
users can always manage their own passwords
Explanation: IAM
users are allowed to manage their own passwords by default.
Managing IAM User Passwords
23.Which IAM feature allows you to rotate credentials for AWS
services automatically?
a. IAM Roles
b. IAM Users
c. IAM Policies
d. IAM Credential Rotation
Answer: a. IAM
Roles
Explanation: IAM
roles allow you to grant permissions to AWS services and rotate
credentials automatically. IAM Roles
24.What is the purpose of the "Principal" in an IAM policy?
a. It defines the effect of the policy
b. It specifies the actions allowed or denied
c. It specifies the IAM entity that is allowed or denied
access
d. It is not a valid element in an IAM policy
Answer: c. It specifies the IAM entity that is allowed or denied
access
Explanation: The
"Principal" element in an IAM policy specifies the IAM entity
(user, group, or role) that is allowed or denied access. IAM JSON Policy Elements: Reference
25.Which AWS service provides managed policies that you can use
as a starting point for your own policies?
a. AWS IAM
b. AWS S3
c. AWS Organizations
d. AWS Identity and Access Management (IAM)
Answer: d. AWS
Identity and Access Management (IAM)
Explanation: AWS IAM provides managed policies that you can use as a
starting point for your own policies. AWS Managed Policies
26.How can you grant permissions to an IAM user only if they are
accessing AWS services from a specific IP address range?
a. By using IAM policies
b. By using IAM conditions
c. By configuring the VPC security group
d. By enabling multi-factor authentication (MFA)
Answer: b. By using
IAM conditions
Explanation: IAM conditions can be used to specify additional criteria,
such as IP address range, for granting permissions. IAM JSON
Policy Elements: Condition Operators
27.What is the purpose of IAM roles with Single Sign-On
(SSO)?
a. To manage IAM users within a Kubernetes cluster
b. To provide IAM roles to Kubernetes workloads
c. To enable cross-account access
d. To simplify user authentication for multiple AWS
accounts
Answer: d. To
simplify user authentication for multiple AWS accounts
Explanation: IAM
roles with Single Sign-On (SSO) simplify user authentication for
multiple AWS accounts. IAM Roles for Single Sign-On (SSO)
28.What is the default authentication method for accessing the
AWS Management Console?
a. Username and password
b. API key
c. Access key and secret key
d. Multi-factor authentication (MFA)
Answer : a.
Username and password
Explanation: The
default authentication method for accessing the AWS Management
Console is using a username and password. AWS Management Console Sign-In
29.How can you grant permissions to an IAM user based on the
time of day they access AWS resources?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS CloudWatch alarms
d. Time-based permissions are not supported in IAM
Answer: b. By using
IAM conditions
Explanation: IAM conditions allow you to specify time-based criteria for
granting permissions. IAM JSON Policy Elements: Condition Operators
30.What is the purpose of "IAM Roles for Service Accounts" in
the context of AWS Kubernetes (EKS)?
a. To manage IAM users within a Kubernetes cluster
b. To provide IAM roles to Kubernetes workloads
c. To enable multi-factor authentication (MFA) for Kubernetes
pods
d. To create IAM policies for Kubernetes namespaces
Answer: b. To
provide IAM roles to Kubernetes workloads
Explanation: IAM Roles for Service Accounts enable Kubernetes pods to
assume IAM roles and access AWS resources. IAM Roles for Service Accounts
31.How does IAM handle permissions when an IAM user is a member
of multiple IAM groups?
a. The user inherits the permissions of all groups
b. The user is denied access to resources
c. The user inherits the permissions of the first group they
belong to
d. IAM groups do not affect user permissions
Answer: a. The user
inherits the permissions of all groups
Explanation: IAM
users inherit the permissions of all IAM groups to which they
belong. IAM Groups
32.Which AWS CLI command is used to create an IAM group?
a. aws iam add-group
b. aws iam create-group
c. aws group-create-iam
d. aws create-iam-group
Answer: b. aws iam
create-group
Explanation: The
aws iam create-group command is used to create an IAM group
using the AWS CLI. AWS CLI Command Reference for IAM
33.What is the purpose of the "IAM Access Level Summary" report
in AWS IAM?
a. To view a summary of IAM users' access levels
b. To view a summary of IAM roles' access levels
c. To view a summary of IAM groups' access levels
d. There is no such report in AWS IAM
Answer: d. There is
no such report in AWS IAM
Explanation: As of
the last knowledge update, there is no "IAM Access Level
Summary" report in AWS IAM.
34.How can you grant permissions to an IAM user based on their
identity provider (IdP)?
a. By using IAM policies
b. By using IAM roles
c. By using IAM conditions
d. By configuring AWS Single Sign-On (SSO)
Answer: c. By using IAM conditions
Explanation: IAM
conditions can be used to specify criteria based on the identity
provider for granting permissions. IAM JSON Policy Elements:Condition Keys for AWS Identities
35.What is the purpose of the "IAM Policy Change Notifications"
feature in AWS CloudWatch?
a. To receive notifications for changes to IAM users
b. To receive notifications for changes to IAM policies
c. To receive notifications for IAM user login activity
d. To receive notifications for changes to IAM roles
Answer: b. To
receive notifications for changes to IAM policies
Explanation: IAM
Policy Change Notifications in CloudWatch can be set up to
receive notifications for changes to IAM policies. IAM Policy Change Notifications
36.How can you enforce secure password policies for IAM
users?
a. By using IAM conditions
b. By using IAM policies
c. By configuring AWS Key Management Service (KMS)
d. By using the AWS Management Console
Answer: b. By using
IAM policies
Explanation:
Secure password policies for IAM users are enforced using IAM
policies. IAM Password Policies
37.What is the purpose of the "IAM Service Last Accessed Data"
report?
a. To track when IAM services were last accessed
b. To track when IAM policies were last modified
c. To track when IAM users were last created
d. To track when IAM services were last accessed by IAM
users
Answer: a. To track
when IAM services were last accessed
Explanation: The
IAM Service Last Accessed Data report tracks when IAM services
were last accessed. IAM Service Last Accessed Data
38.How can you delegate permissions to users in your AWS account
without sharing your security credentials?
a. By using IAM users
b. By using IAM roles
c. By using IAM policies
d. By using IAM groups
Answer: b. By using
IAM roles
Explanation: IAM
roles allow you to delegate permissions without sharing security
credentials. IAM Roles
39.What is the purpose of the "IAM Role Chaining" feature?
a. To allow IAM roles to assume other roles
b. To create dependencies between IAM roles
c. To enable multi-factor authentication (MFA) for IAM
roles
d. To disable IAM role chaining
Answer: a. To allow
IAM roles to assume other roles
Explanation: IAM
Role Chaining allows IAM roles to assume other roles, enabling a
chain of trust. IAM Role Chaining
40.How can you enforce multi-factor authentication (MFA) for
AWS CLI operations?
a. By configuring MFA in the AWS Management Console
b. By using IAM policies
c. By using temporary security credentials
d. MFA is not applicable for AWS CLI operations
Answer: c. By using
temporary security credentials
Explanation: AWS
CLI operations can enforce MFA by using temporary security
credentials. Configuring MFA-Protected API Access
41.What is the purpose of the "IAM Policy Usage" feature in
AWS?
a. To track IAM user login activity
b. To track the usage of IAM policies
c. To analyze IAM role assumptions
d. To provide recommendations for IAM best practices
Answer: b. To track
the usage of IAM policies
Explanation: IAM
Policy Usage allows you to track the usage of IAM policies. IAM Policy Usage
42.How can you grant permissions to an IAM user based on their
IP address?
a. By using IAM conditions
b. By using IAM policies
c. By configuring VPC security groups
d. By using IAM roles
Answer: a. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including IP
address, for granting permissions. IAM JSON Policy Elements: Condition Operators
43.What is the purpose of the "IAM Policy Simulator"?
a. To simulate IAM user login activity
b. To simulate IAM policy changes
c. To simulate the effect of IAM policies
d. To simulate IAM role assumptions
Answer: c. To
simulate the effect of IAM policies
Explanation: The
IAM Policy Simulator allows you to simulate the effect of IAM
policies before applying them. IAM Policy Simulator
44.How can you grant permissions to an IAM user based on their
membership in an AWS organization?
a. By using IAM conditions
b. By using IAM policies
c. By configuring AWS Organizations policies
d. By using IAM roles
Answer: a. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including membership
in AWS organizations, for granting permissions. IAM JSON Policy
Elements: AWS Organizations Condition Keys
45.What is the purpose of the "IAM Password Policy Report"?
a. To view IAM users' password policies
b. To view IAM password changes
c. To view IAM users' login activity
d. There is no such report in AWS IAM
Answer: a. To view
IAM users' password policies
Explanation: As of
the last knowledge update, there is no specific "IAM Password
Policy Report" in AWS IAM.
46.How can you enforce the use of multi-factor authentication
(MFA) for IAM users in the AWS Management Console?
a. By attaching the "IAMEnforceMFAPolicy" policy
b. By configuring the "Enable MFA" option in IAM users'
settings
c. By using IAM conditions
d. By configuring the AWS Management Console
Answer: b. By
configuring the "Enable MFA" option in IAM users' settings
Explanation: The
"Enable MFA" option in IAM users' settings can be configured to
enforce MFA for IAM users in the AWS Management Console. Enabling MFA Devices
47.What is the purpose of the "IAM Policy Versioning"
feature?
a. To create backups of IAM policies
b. To track changes to IAM policies over time
c. To roll back to previous versions of IAM policies
d. To enable cross-account access
Answer: c. To roll
back to previous versions of IAM policies
Explanation: IAM
Policy Versioning allows you to roll back to previous versions
of IAM policies. IAM Policy Versioning
48.How can you grant permissions to an IAM user based on their
membership in an AWS resource group?
a. By using IAM conditions
b. By using IAM policies
c. By configuring AWS Resource Access Manager (RAM)
policies
d. By using IAM roles
Answer: a. By using IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including membership
in AWS resource groups, for granting permissions. IAM JSON
Policy Elements: Resource Groups Condition Keys
49.What is the purpose of the "IAM Entity Usage" feature in
AWS?
a. To track IAM user login activity
b. To track the usage of IAM roles
c. To track the usage of IAM policies
d. To track IAM entity assumptions
Answer: d. To track
IAM entity assumptions
Explanation: IAM
Entity Usage allows you to track the assumptions of IAM
entities, including users, roles, and groups. IAM Entity Usage
50.How can you grant permissions to an IAM user based on their
AWS usage and cost?
a. By using IAM conditions
b. By using AWS Budgets
c. By using IAM policies
d. By using AWS Cost Explorer
Answer: a. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS usage
and cost, for granting permissions. IAM JSON Policy Elements:
AWS Usage and Cost Condition Keys
51.What is the purpose of the "IAM Credential Rotation"
feature?
a. To rotate IAM user passwords automatically
b. To rotate IAM access keys automatically
c. To rotate IAM roles automatically
d. To rotate IAM policies automatically
Answer: b. To
rotate IAM access keys automatically
Explanation: IAM
Credential Rotation allows you to rotate IAM access keys
automatically. IAM Credential Rotation
52.How can you grant permissions to an IAM user based on their
SSL certificate status?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Certificate Manager policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including SSL
certificate status, for granting permissions. IAM JSON Policy
Elements: AWS Certificate Manager Condition Keys
53.What is the purpose of the "IAM Policy Change History"
feature?
a. To track IAM user login activity
b. To track changes to IAM policies over time
c. To track changes to IAM roles over time
d. To track changes to IAM groups over time
Answer: b. To track
changes to IAM policies over time
Explanation: IAM
Policy Change History allows you to track changes to IAM
policies over time. IAM Policy Change History
54.How can you grant permissions to an IAM user based on their
AWS Key Management Service (KMS) key usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS KMS policies
d. By using IAM roles
Answer:b. By using IAM conditions
Explanation: IAM conditions can be used to specify criteria, including AWS
Key Management Service (KMS) key usage, for granting
permissions. [IAM JSON Policy Elements: AWS Key Management
Service Condition
Keys](reference_policies_condition-keys)
55. What is the purpose of the "IAM Access Advisor" feature in
AWS?
a. To track IAM user login activity
b. To provide recommendations for IAM best practices
c. To track the usage of IAM roles
d. To track changes to IAM policies over time
Answer:c. To track the usage of IAM roles
Explanation:IAM Access Advisor provides information about how IAM roles are
accessed and helps you set permissions based on actual usage.
[IAM Access
Advisor](access_policies_access-advisor)
56. How can you grant permissions to an IAM user based on their
Amazon S3 bucket ownership?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon S3 bucket policies
d. By using IAM roles
Answer:c. By configuring Amazon S3 bucket policies
Explanation:Amazon S3 bucket policies can be used to grant permissions
based on bucket ownership. [Amazon S3 Bucket Owner
Conditions](Amazon S3 Bucket Owner Conditions)
57. What is the purpose of the "IAM Last Accessed Data"
feature?
a. To track IAM user login activity
b. To track the last time IAM policies were modified
c. To track the last time IAM roles were assumed
d. To track the last time IAM entities were accessed
Answer:d. To track the last time IAM entities were accessed
Explanation:IAM Last Accessed Data tracks the last time IAM entities
(users, roles, and groups) were accessed. [IAM Last Accessed
Data](IAM Last Accessed Data)
58. How can you grant permissions to an IAM user based on their
usage of AWS CloudFormation?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS CloudFormation policies
d. By using IAM roles
Answer:b. By using IAM conditions
Explanation: IAM conditions can be used to specify criteria, including AWS
CloudFormation usage, for granting permissions. [IAM JSON Policy
Elements: AWS CloudFormation Condition
Keys](IAM JSON Policy Elements: AWS CloudFormation Condition Keys)
59. What is the purpose of the "IAM Access Analyzer" in AWS
Security Hub?
a. To analyze IAM user login activity
b. To analyze access patterns of IAM roles
c. To analyze permissions granted to AWS resources
d. To analyze IAM policy conditions
Answer: c. To
analyze permissions granted to AWS resources
Explanation:IAM Access Analyzer in AWS Security Hub is used to analyze
permissions granted to AWS resources. [IAM Access
Analyzer](IAM Access Analyzer)
60. How can you grant permissions to an IAM user based on their
AWS CloudTrail event history?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS CloudTrail policies
d. By using IAM roles
Answer:b. By using IAM conditions
Explanation: IAM conditions can be used to specify criteria, including AWS
CloudTrail event history, for granting permissions. [IAM JSON
Policy Elements: AWS CloudTrail Condition
Keys](IAM JSON Policy Elements: AWS CloudTrail Condition Keys)
61. What is the purpose of the "IAM Permissions Boundaries"
feature?
a. To set upper limits on IAM user permissions
b. To set lower limits on IAM user permissions
c. To limit the number of IAM policies attached to an IAM
user
d. To limit the number of IAM roles assumed by an IAM user
Answer: b. To set lower limits on IAM user permissions
Explanation: IAM Permissions Boundaries allow you to set the maximum
permissions a user or role can have. [IAM Permissions
Boundaries](IAM Permissions Boundaries)
62. How can you grant permissions to an IAM user based on their
AWS Lambda function usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Lambda policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS Lambda
function usage, for granting permissions. [IAM JSON Policy
Elements: AWS Lambda Condition
Keys](IAM JSON Policy Elements: AWS Lambda Condition Keys)
63. What is the purpose of the "IAM Policy Variables"
feature?
a. To define variables in IAM policies
b. To use variables in IAM policy statements
c. To create IAM policies dynamically
d. To assign values to IAM policy variables
Answer: b. To use
variables in IAM policy statements
Explanation: IAM
Policy Variables allow you to use variables in IAM policy
statements for dynamic access control. [IAM Policy Variables]
64. How can you grant permissions to an IAM user based on
their Amazon DynamoDB table usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon DynamoDB policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon
DynamoDB table usage, for granting permissions. [IAM JSON Policy
Elements: Amazon DynamoDB Condition
Keys](IAM JSON Policy Elements: Amazon DynamoDB Condition Keys)
65. What is the purpose of the "IAM Resource Groups"
feature?
a. To create groups of IAM users
b. To organize IAM roles into groups
c. To organize AWS resources into groups for IAM policies
d. To create IAM groups dynamically
Answer: c. To
organize AWS resources into groups for IAM policies
Explanation: IAM
Resource Groups allow you to organize AWS resources into groups
for IAM policies. [IAM Resource Groups](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
66. How can you grant permissions to an IAM user based on their
Amazon EC2 instance tags?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon EC2 policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon EC2
instance tags, for granting permissions. [IAM JSON Policy
Elements: Amazon EC2 Condition
Keys](IAM JSON Policy Elements: Amazon EC2 Condition Keys)
67. What is the purpose of the "IAM Attribute-Based Access
Control (ABAC)" feature?
a. To assign attributes to IAM policies
b. To control access based on user attributes
c. To create IAM policies based on user attributes
d. To define attributes for IAM users
Answer: b. To
control access based on user attributes
Explanation: IAM
Attribute-Based Access Control (ABAC) allows you to control
access based on user attributes. [IAM Attribute-Based Access
Control
(ABAC)](IAM Attribute-Based Access Control (ABAC))
68. How can you grant permissions to an IAM user based on their
Amazon RDS database usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon RDS policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon RDS
database usage, for granting permissions. [IAM JSON Policy
Elements: Amazon RDS Condition
Keys](IAM JSON Policy Elements: Amazon RDS Condition Keys)
69. What is the purpose of the "IAM Password Strength Policy"
feature?
a. To enforce secure password policies for IAM users
b. To define the complexity requirements for IAM passwords
c. To track changes to IAM passwords over time
d. To set the minimum password length for IAM users
Answer: a. To
enforce secure password policies for IAM users
Explanation: IAM
Password Strength Policy is used to enforce secure password
policies for IAM users. [IAM Password
Policies](IAM Password Policies
70. How can you grant permissions to an IAM user based on their
Amazon SNS topic usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon SNS policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation:
IAM conditions can be used to specify criteria, including
Amazon SNS topic usage, for granting permissions. [IAM JSON
Policy Elements: Amazon SNS Condition
Keys](IAM JSON Policy Elements: Amazon SNS Condition Keys)
71. What is the purpose of the "IAM Policy Precedence"
feature?
a. To determine the order of evaluation for IAM policies
b. To prioritize IAM policies based on creation date
c. To set the precedence of IAM policies for users
d. To define the hierarchy of IAM policies
Answer: a. To
determine the order of evaluation for IAM policies
Explanation: IAM
Policy Precedence is used to determine the order of evaluation
for IAM policies. [IAM Policies and
Permissions](IAM Policies and Permissions)
72. How can you grant permissions to an IAM user based on their
Amazon SQS queue usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon SQS policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon SQS
queue usage, for granting permissions. [IAM JSON Policy
Elements: Amazon SQS Condition
Keys](IAM JSON Policy Elements: Amazon SQS Condition Keys)
73. What is the purpose of the "IAM Role Trust
Relationship"?
a. To define the trust relationship between IAM roles
b. To define the trust relationship between IAM users and
roles
c. To define the trust relationship between AWS accounts
d. To define the trust relationship between IAM policies
Answer: c. To
define the trust relationship between AWS accounts
Explanation: IAM
Role Trust Relationship is used to define the trust relationship
between AWS accounts. [IAM Role Trust
Relationship](IAM Role Trust Relationship)
74. How can you grant permissions to an IAM user based on their
Amazon EKS cluster usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon EKS policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon EKS
cluster usage, for granting permissions. [IAM JSON Policy
Elements: Amazon EKS Condition
Keys](IAM JSON Policy Elements: Amazon EKS Condition Keys)
75. What is the purpose of the "IAM Policy Simultaneous
Evaluation" feature?
a. To evaluate multiple IAM policies simultaneously
b. To prevent conflicts between IAM policies
c. To control the order of evaluation for IAM policies
d. To evaluate IAM policies in a serial manner
Answer: a. To
evaluate multiple IAM policies simultaneously
Explanation: IAM
Policy Simultaneous Evaluation allows the evaluation of multiple
policies simultaneously. [IAM Policies and
Permissions](IAM Policies and Permissions)
76. How can you grant permissions to an IAM user based on their
AWS Step Functions usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Step Functions policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS Step
Functions usage, for granting permissions. [IAM JSON Policy
Elements: AWS Step Functions Condition
Keys](IAM JSON Policy Elements: AWS Step Functions Condition Keys)
77. What is the purpose of the "IAM Resource-Level Permissions"
feature?
a. To specify permissions at the resource level in IAM
policies
b. To restrict IAM users to specific resource levels
c. To create IAM policies based on resource-level criteria
d. To set resource-level boundaries for IAM entities
Answer: a. To
specify permissions at the resource level in IAM policies
Explanation:IAM Resource-Level Permissions allow you to specify
permissions at the resource level in IAM policies. [IAM JSON
Policy Elements: Resource-Level
Permissions](IAM JSON Policy Elements: Resource-Level Permissions)
78. How can you grant permissions to an IAM user based on their
Amazon Kinesis stream usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon Kinesis policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon
Kinesis stream usage, for granting permissions. [IAM JSON Policy
Elements: Amazon Kinesis Condition
Keys](IAM JSON Policy Elements: Amazon Kinesis Condition Keys)
79. What is the purpose of the "IAM Policy Validation"
feature?
a. To validate the syntax of IAM policies
b. To validate the permissions granted by IAM policies
c. To check the compatibility of IAM policies with specific
services
d. To validate the integrity of IAM policies
Answer: a. To
validate the syntax of IAM policies
Explanation: IAM
Policy Validation is used to validate the syntax of IAM
policies. [IAM Policy
Validation](IAM Policy Validation)
80. How can you grant permissions to an IAM user based on their
AWS S3 bucket ownership?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS S3 bucket policies
d. By using IAM roles
Answer: c By
configuring AWS S3 bucket policies
Explanation: AWS
S3 bucket policies can be used to grant permissions based on
bucket ownership. [Amazon S3 Bucket Owner
Conditions](Amazon S3 Bucket Owner Conditions)
81. What is the purpose of the "IAM Session Policies"
feature?
a. To define policies for temporary IAM sessions
b. To create policies for IAM users
c. To manage permissions during IAM user sessions
d. To set policies for long-term IAM user sessions
Answer: a. To
define policies for temporary IAM sessions
Explanation: IAM
Session Policies are used to define policies for temporary IAM
sessions. [IAM Session
Policies](IAM Session Policies)
82. How can you grant permissions to an IAM user based on their
AWS Glue DataBrew project usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Glue DataBrew policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS Glue
DataBrew project usage, for granting permissions. [IAM JSON
Policy Elements: AWS Glue DataBrew Condition
Keys](IAM JSON Policy Elements: AWS Glue DataBrew Condition Keys)
83. What is the purpose of the "IAM Managed Policies"
feature?
a. To create policies for IAM users
b. To create policies for IAM groups
c. To create reusable policies that you can attach to multiple IAM
entities
d. To create inline policies for IAM users
Answer: c. To
create reusable policies that you can attach to multiple IAM
entities
Explanation: IAM Managed Policies are policies that you can create and
manage independently from your IAM users, groups, and roles.
[IAM Managed
Policies](IAM Managed Policies)
84. How can you grant permissions to an IAM user based on their
AWS Glue job usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Glue job policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS Glue
job usage, for granting permissions. [IAM JSON Policy Elements:
AWS Glue Condition
Keys](IAM JSON Policy Elements: AWS Glue Condition Keys)
85. What is the purpose of the "IAM Policy Summaries"
feature?
a. To view summaries of IAM policies
b. To view summaries of IAM user permissions
c. To view summaries of IAM roles
d. To view summaries of IAM user login activity
Answer: a. To view
summaries of IAM policies
Explanation: IAM
Policy Summaries allow you to view summaries of IAM policies.
[IAM Policy
Summaries](IAM Policy Summaries)
86. How can you grant permissions to an IAM user based on their
Amazon Connect instance usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon Connect policies
d. By using IAM roles
Answer:
b. By using IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon
Connect instance usage, for granting permissions. [IAM JSON
Policy Elements: Amazon Connect Condition
Keys](IAM JSON Policy Elements: Amazon Connect Condition Keys)
87. What is the purpose of the "IAM Policy Permission
Boundaries" feature?
a. To set the maximum permissions a user or role can have
b. To set the minimum permissions a user or role can have
c. To control access based on the location of IAM users
d. To control access based on user attributes
Answer: a. To set
the maximum permissions a user or role can have
Explanation: IAM
Policy Permission Boundaries allow you to set the maximum
permissions a user or role can have. [IAM Policy Permission
Boundaries](IAM Policy Permission Boundaries)
88. How can you grant permissions to an IAM user based on their
AWS CodeBuild project usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS CodeBuild policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS
CodeBuild project usage, for granting permissions. [IAM JSON
Policy Elements: AWS CodeBuild Condition
Keys](IAM JSON Policy Elements: AWS CodeBuild Condition Keys)
89. What is the purpose of the "IAM Policy Access Analyzer"
feature?
a. To analyze permissions granted by IAM policies
b. To analyze IAM user login activity
c. To analyze the usage of IAM roles
d. To analyze changes to IAM policies over time
Answer: a. To
analyze permissions granted by IAM policies
Explanation: IAM
Policy Access Analyzer is used to analyze permissions granted by
IAM policies. [IAM Policy Access
Analyzer](IAM Policy Access Analyzer)
90. How can you grant permissions to an IAM user based on
their Amazon S3 bucket versioning status?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon S3 bucket policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon S3
bucket versioning status, for granting permissions. [IAM JSON
Policy Elements: Amazon S3 Condition
Keys](IAM JSON Policy Elements: Amazon S3 Condition Keys)
91. What is the purpose of the "IAM Role Name"?
a. To uniquely identify IAM users
b. To uniquely identify IAM roles
c. To specify the username for IAM users
d. To specify the role name for IAM policies
Answer: b. To
uniquely identify IAM roles
Explanation: IAM
Role Name is used to uniquely identify IAM roles. [IAM
Roles](IAM Roles)
92. How can you grant permissions to an IAM user based on their
Amazon Redshift cluster usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon Redshift policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon
Redshift cluster usage, for granting permissions. [IAM JSON
Policy Elements: Amazon Redshift Condition
Keys](IAM JSON Policy Elements: Amazon Redshift Condition Keys)
93. What is the purpose of the "IAM Policy Roles" feature?
a. To assign IAM roles to IAM users
b. To manage IAM roles
c. To view IAM roles associated with policies
d. To create IAM roles dynamically
Answer: c. To view
IAM roles associated with policies
Explanation: IAM
Policy Roles allow you to view IAM roles associated with
policies. [IAM Policy
Roles](IAM Policy Roles)
94. How can you grant permissions to an IAM user based on their
AWS Elastic Beanstalk environment usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Elastic Beanstalk policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS
Elastic Beanstalk environment usage, for granting permissions.
[IAM JSON Policy Elements: AWS Elastic Beanstalk Condition
Keys](IAM JSON Policy Elements: AWS Elastic Beanstalk Condition Keys)
95. What is the purpose of the "IAM Policy Resource Types"
feature?
a. To specify the types of resources to which IAM policies
apply
b. To categorize IAM policies based on resource types
c. To limit the number of resource types in IAM policies
d. To define the hierarchy of resource types in IAM
policies
Answer: a. To
specify the types of resources to which IAM policies apply
Explanation: IAM
Policy Resource Types allow you to specify the types of
resources to which IAM policies apply. [IAM JSON Policy
Elements: Resource
Types](IAM JSON Policy Elements: Resource Types)
96. How can you grant permissions to an IAM user based on their
Amazon S3 bucket encryption status?
a. By using IAM policies
b. By using IAM conditions
c. By configuring Amazon S3 bucket policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including Amazon S3
bucket encryption status, for granting permissions. [IAM JSON
Policy Elements: Amazon S3 Condition
Keys](IAM JSON Policy Elements: Amazon S3 Condition Keys)
97. What is the purpose of the "IAM Policy Resource Tags"
feature?
a. To specify tags for IAM policies
b. To apply tags to IAM users
c. To control access based on resource tags in IAM policies
d. To limit the number of tags in IAM policies
Answer: c. To
control access based on resource tags in IAM policies
Explanation: IAM
Policy Resource Tags allow you to control access based on
resource tags in IAM policies. [IAM JSON Policy Elements:
Resource
Tags](IAM JSON Policy Elements: Resource Tags)
98. How can you grant permissions to an IAM user based on their
AWS Key Management Service (KMS) key creation date?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS KMS policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS Key
Management Service (KMS) key creation date, for granting
permissions. [IAM JSON Policy Elements: AWS Key Management
Service Condition
Keys](IAM JSON Policy Elements: AWS Key Management Service Condition Keys)
99. What is the purpose of the "IAM Policy Policy Actions"
feature?
a. To specify actions for IAM policies
b. To categorize IAM policies based on actions
c. To limit the number of actions in IAM policies
d. To define the hierarchy of actions in IAM policies
Answer: a. To
specify actions for IAM policies
Explanation: IAM
Policy Actions allow you to specify actions for IAM policies.
[IAM JSON Policy Elements:
Actions](IAM JSON Policy Elements: Actions)
100. How can you grant permissions to an IAM user based on their
AWS Direct Connect usage?
a. By using IAM policies
b. By using IAM conditions
c. By configuring AWS Direct Connect policies
d. By using IAM roles
Answer: b. By using
IAM conditions
Explanation: IAM
conditions can be used to specify criteria, including AWS Direct
Connect usage, for granting permissions. [IAM JSON Policy
Elements: AWS Direct Connect Condition
Keys](IAM JSON Policy Elements: AWS Direct Connect Condition Keys)
