0
0
AWScloud~20 mins

Assuming roles for temporary access in AWS - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
RoleAssumerMaster
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
What is the duration of temporary credentials when assuming a role with AWS STS by default?
When you use AWS Security Token Service (STS) to assume a role without specifying the duration, how long do the temporary credentials last by default?
A12 hours
B1 hour and 15 minutes
C1 hour
D15 minutes
Attempts:
2 left
💡 Hint
Think about the default session duration for AssumeRole API calls.
security
intermediate
2:00remaining
Which AWS policy element allows a user to assume a specific role?
To allow a user to assume an IAM role, which policy action must be included in the user's permissions?
A"sts:AssumeRole"
B"iam:PassRole"
C"iam:AssumeRolePolicy"
D"sts:GetSessionToken"
Attempts:
2 left
💡 Hint
Look for the STS action that grants role assumption capability.
Architecture
advanced
2:00remaining
Which trust policy snippet correctly allows an EC2 instance to assume a role?
Given an IAM role trust policy, which snippet correctly allows EC2 instances to assume the role?
A{ "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" }
B{ "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:user/EC2User" }, "Action": "sts:AssumeRole" }
C{ "Effect": "Allow", "Principal": { "Service": "ecs.amazonaws.com" }, "Action": "sts:AssumeRole" }
D{ "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }
Attempts:
2 left
💡 Hint
Which AWS service represents EC2 in trust policies?
Best Practice
advanced
2:00remaining
What is the recommended maximum session duration for an IAM role to minimize risk?
To reduce security risks, what is the best practice for setting the maximum session duration for an IAM role?
ASet maximum session duration to 1 hour or less to limit exposure of temporary credentials
BSet maximum session duration to 12 hours to reduce frequent re-authentication
CSet maximum session duration to 24 hours for convenience
DSet maximum session duration to 7 days to avoid interruptions
Attempts:
2 left
💡 Hint
Shorter sessions reduce the window for compromised credentials.
🧠 Conceptual
expert
2:00remaining
What happens if you try to assume a role with an expired session token?
If you use AWS STS to assume a role but provide an expired session token, what is the expected behavior?
AThe AssumeRole call succeeds but credentials are invalid when used
BThe AssumeRole call fails with an "ExpiredToken" error
CThe AssumeRole call succeeds and returns new credentials ignoring the expired token
DThe AssumeRole call returns credentials with reduced permissions
Attempts:
2 left
💡 Hint
Expired tokens cannot be used to get new credentials.