CLOUD COMPUTING

IDENTITY ACCESS MANAGEMENT

Question
An employee with access to the root user on your AWS account has just left your company. Since you can’t be 100 percent sure that the former employee won’t try to harm your company, which of the following steps should you take? (Choose two)
A
Change the password and MFA settings for the root account
B
Delete and re-create all existing IAM policies
C
Change the passwords for all your IAM users
D
Delete the former employee’s own IAM user (within the company account)
Explanation:

Detailed explanation-1: It would make it difficult to track which account user is responsible for specific actions. Since root has full permissions over your account resources, an account compromise at the hands of hackers would be catastrophic.

Detailed explanation-2: To get started using IAM to manage permissions for AWS services and resources, create an IAM role and grant it permissions. For workforce users, create a role that can be assumed by your identity provider. For systems, create a role that can be assumed by the service you are using, such as Amazon EC2 or AWS Lambda.

Detailed explanation-3: You can allow users from one AWS account to access resources in another AWS account. To do this, create a role that defines who can access it and what permissions it grants to users that switch to it.

Detailed explanation-4: Federated users don’t have permanent identities in your AWS account the way that IAM users do. To assign permissions to federated users, you can create an entity referred to as a role and define permissions for the role.
