Answer Sheet of Questions Bank-01

IAM (Identity and Access Management)

1.Scenario:
A company has multiple development teams, each working on different AWS projects. They
need to ensure that each team can manage its resources independently. What IAM feature
should be used to achieve this?

Question:
How can you enable multiple development teams to manage their AWS resources independently
while maintaining security?

a. IAM Roles
b. IAM Policies
c. IAM Users
d. IAM Groups

Correct Answer:
b. IAM Policies
Explanation:
IAM Policies allow you to define permissions and access control for different development teams. Each team can
have a policy specifying the resources they are allowed to manage, providing independence while maintaining
security.

2.Scenario:
An organization wants to grant external partners temporary access to specific AWS resources.
Which IAM feature would be the most secure and scalable solution for this requirement?

Question:
What is the recommended IAM feature to grant temporary access to external partners for
specific AWS resources?

a. IAM Users
b. IAM Policies
c. IAM Roles with Temporary Credentials
d. IAM Groups with Time-Limited Permissions

Correct Answer:
c. IAM Roles with Temporary Credentials
Explanation:
IAM Roles with temporary credentials provide a secure way to grant temporary access without sharing access keys.
External partners assume these roles to access specific resources for a limited time.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

3.Scenario:
A company is planning to migrate its on-premises applications to AWS. They want to ensure a
seamless transition without compromising security. What IAM feature should be utilized during
this migration?

Question:
What IAM best practice should be followed to ensure a secure migration of on-premises
applications to AWS?

a. IAM Users with Access Keys

b. IAM Roles with Cross-Account Permissions
c. IAM Policies with Public Access
d. IAM Groups with External Trusts

Correct Answer:
b. IAM Roles with Cross-Account Permissions

Explanation:
IAM Roles with cross-account permissions enable secure cross-account access. During migration, applications can
assume roles in the target AWS account without compromising security.

4.Scenario:
A business-critical application requires access to AWS services without storing long-term
credentials. What IAM feature provides temporary security credentials for applications running
on Amazon EC2 instances?

Question:
How can you securely provide temporary security credentials for applications running on
Amazon EC2 instances accessing AWS services?

a. IAM Policies
b. IAM Users with Access Keys
c. IAM Roles for EC2 Instances
d. IAM Groups with Cross-Account Access

Correct Answer:
c. IAM Roles for EC2 Instances

Explanation:
IAM Roles for EC2 Instances allow applications running on EC2 to request temporary security credentials without
embedding long-term access keys, enhancing security.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

5.Scenario:
An organization wants to implement fine-grained access control for S3 buckets based on user
roles. What IAM component should be used to define and manage these access control
policies?

Question:
For fine-grained access control of S3 buckets based on user roles, which IAM component
should be used?

a. IAM Users
b. IAM Roles
c. IAM Policies
d. IAM Groups

Correct Answer:
c. IAM Policies

Explanation:
IAM Policies define fine-grained access control for S3 buckets based on user roles. Policies can be attached to users
or roles to specify the actions allowed on specific resources.

6.Scenario:
A company is concerned about unauthorized changes to IAM policies. What IAM feature can
help track and review changes to policies?

Question:
How can you track and review changes made to IAM policies for improved security and
auditing?

a. AWS CloudTrail
b. AWS Config
c. AWS IAM Inspector
d. AWS Identity Monitor

Correct Answer:
a. AWS CloudTrail

Explanation:
AWS CloudTrail records API calls, including changes to IAM policies. Reviewing CloudTrail logs helps track and audit
changes made to IAM policies for security and compliance.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

7.Scenario:
An organization is dealing with a large number of IAM users, and they want to simplify user
management by assigning permissions to groups. What IAM feature allows for this simplified
management approach?

Question:
To simplify user management and assign permissions to multiple users at once, which IAM
feature should be used?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Groups

Correct Answer:
d. IAM Groups

Explanation:
IAM Groups allow you to organize users and assign permissions to multiple users simultaneously. This simplifies
user management and ensures consistent permissions.

8.Scenario:
A company needs to provide temporary access to AWS resources for a third-party application.
What IAM mechanism allows the secure delegation of permissions without sharing access
keys?

Question:
When providing temporary access to AWS resources for a third-party application, what IAM
mechanism should be used to avoid sharing access keys?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Trust Relationships

Correct Answer:
b. IAM Roles

Explanation:
IAM Roles provide temporary security credentials for third-party applications without the need to share access keys,
ensuring secure and scalable access.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

9.Scenario:
An organization is using AWS Organizations to manage multiple AWS accounts. What IAM
feature allows cross-account access and resource sharing?

Question:
To enable cross-account access and resource sharing within AWS Organizations, which IAM
feature should be utilized?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Trusts

Correct Answer:
b. IAM Roles

Explanation:
IAM Roles with cross-account access allow for secure resource sharing and cross-account access within AWS
Organizations, providing flexibility and control.

10.Scenario:
A company wants to restrict access to certain AWS resources based on the source IP address.
What IAM feature should be used to enforce this security measure?

Question:
To restrict access to specific AWS resources based on source IP address, which IAM feature
should be implemented?

a. IAM Policies
b. IAM Roles
c. IAM Users with MFA
d. IAM Conditions

Correct Answer:
d. IAM Conditions

Explanation:
IAM Conditions allow you to add restrictions, such as source IP address, to IAM policies, providing granular control
over access to specific AWS resources.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

11.Scenario:
A large organization has multiple AWS accounts for different departments. They want to
centralize user authentication to a single AWS account. What IAM feature supports this
centralized authentication?

Question:
For a large organization with multiple AWS accounts, what IAM feature allows centralizing user
authentication to a single AWS account?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Federation

Correct Answer:
d. IAM Federation

Explanation:
IAM Federation allows centralized user authentication across multiple AWS accounts, enhancing security and
simplifying user management.

12.Scenario:
A company has a requirement to rotate access keys regularly to enhance security. What IAM
best practice should be followed to automate the access key rotation process?

Question:
How can you automate the rotation of AWS IAM access keys to enhance security?

a. Use AWS Lambda with CloudWatch Events

b. Manually rotate access keys every month
c. Enable automatic access key rotation in IAM settings
d. Create a new IAM user for each access key rotation

Correct Answer:
a. Use AWS Lambda with CloudWatch Events

Explanation:
Using AWS Lambda with CloudWatch Events allows you to automate access key rotation, improving security by
regularly updating access keys.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

13.Scenario:
An organization is deploying an application that requires AWS resources to interact with each
other securely. What IAM feature facilitates secure communication between AWS resources?

Question:
What IAM feature facilitates secure communication between AWS resources within an
application?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Trust Relationships

Correct Answer:
b. IAM Roles

Explanation:
IAM Roles facilitate secure communication between AWS resources by allowing one resource to assume a role and
obtain temporary credentials for access.

14.Scenario:
A company wants to grant temporary access to their AWS environment for external consultants.
What IAM feature provides a secure way to grant temporary permissions without creating new
IAM users?

Question:
How can you securely grant temporary access to AWS resources for external consultants
without creating new IAM users?

a. IAM Policies
b. IAM Roles
c. IAM Users with Limited Permissions
d. IAM Groups with External Trusts

Correct Answer:
b. IAM Roles

Explanation:
IAM Roles provide a secure way to grant temporary access without creating new IAM users. External consultants can
assume roles for the required permissions.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

15.Scenario:
A company is implementing a least privilege access strategy and wants to minimize the number
of IAM permissions granted to users. What IAM feature allows for fine-grained control over
permissions?

Question:
To implement a least privilege access strategy and minimize the number of IAM permissions
granted to users, which IAM feature should be used?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Conditions

Correct Answer:
a. IAM Policies

Explanation:
IAM Policies allow for fine-grained permissions in a multi-tier web application, enabling the principle of least privilege
to be applied.

16.Scenario:
An organization is creating a disaster recovery plan for their AWS environment. What IAM best
practice should be followed to ensure the plan's success?

Question:
When creating a disaster recovery plan for an AWS environment, what IAM best practice should
be followed?

a. Regularly update IAM Policies

b. Backup IAM Users
c. Implement IAM Roles with cross-account access
d. Use IAM Users for all permissions

Correct Answer:
c. Implement IAM Roles with cross-account access

Explanation:
Implementing IAM Roles with cross-account access ensures secure disaster recovery planning, allowing necessary
permissions without compromising security.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

17.Scenario:
A company wants to enforce password policies for IAM users to enhance security. What IAM
feature allows for the implementation of password policies?

Question:
To enforce password policies for IAM users and enhance security, which IAM feature should be
used?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Password Policies

Correct Answer:
d. IAM Password Policies

Explanation:
IAM Password Policies allow organizations to enforce password policies, enhancing security for IAM users accessing
AWS services.

18.Scenario:
An organization is using AWS Directory Service for Microsoft Active Directory integration. What
IAM feature enables users to sign in to the AWS Management Console using their AD
credentials?

Question:
In an AWS environment integrated with AWS Directory Service for Microsoft Active Directory,
what IAM feature enables users to sign in to the AWS Management Console using their AD
credentials?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Federation

Correct Answer:
d. IAM Federation

Explanation:
IAM Federation enables users to sign in to the AWS Management Console using their AD credentials when integrated
with AWS Directory Service for Microsoft Active Directory.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

19.Scenario:
A company is deploying an application with different components running on EC2 instances.
What IAM feature allows EC2 instances to securely interact with other AWS services without
storing long-term credentials?

Question:
For an application with EC2 instances needing secure interaction with other AWS services, what
IAM feature should be used to avoid storing long-term credentials?

a. IAM Policies
b. IAM Roles for EC2 Instances
c. IAM Users with Access Keys
d. IAM Groups with Cross-Account Access

Correct Answer:
b. IAM Roles for EC2 Instances

Explanation:
IAM Roles for EC2 Instances allow applications running on EC2 to obtain temporary credentials securely without
storing long-term access keys.

20.Scenario:
An organization has a multi-tier web application where each tier requires specific permissions.
What IAM component should be used to grant permissions based on the principle of least
privilege?

Question:
To implement the principle of least privilege in a multi-tier web application, which IAM
component should be used for fine-grained permissions?

a. IAM Policies
b. IAM Roles
c. IAM Users
d. IAM Groups

Correct Answer:
a. IAM Policies

Explanation:
IAM Policies allow for fine-grained permissions in a multi-tier web application, supporting the implementation of the
principle of least privilege.

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]
 Answer Sheet of Questions Bank-01

21.Scenario:
You are tasked with securing an AWS environment. The organization requires users to have
temporary access to AWS resources for a specific period. How can you achieve this using IAM?

Question:
What AWS IAM feature allows you to grant temporary access to AWS resources with a specific
timeframe?

a. IAM Policies
b. IAM Roles (Answer)
c. IAM Users
d. IAM Groups

22.Scenario:
A company wants to enforce Multi-Factor Authentication (MFA) for all IAM users. What is the
recommended way to achieve this?

Question:
How can you enforce Multi-Factor Authentication (MFA) for AWS IAM users?

a. Attach an MFA policy to each IAM user

b. Enable MFA in IAM settings (Answer)
c. Use IAM roles for MFA enforcement
d. Configure MFA in AWS S3 bucket policies
​

Prepared by :
Safayat Hosen Mishu
A cloud technology enthusiast
Email: [email protected]