
IAM best practices in AWS - Practice Problems & Coding Challenges

Challenge - 5 Problems
security
intermediate
IAM Policy Scope Restriction

You have an IAM policy that allows full access to all S3 buckets. Which option correctly restricts access to only the bucket named my-company-data?

A. {"Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::my-company-data", "arn:aws:s3:::my-company-data/*"]}
B. {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}
C. {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::my-company-data"}
D. {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::my-company-data/*", "Condition": {"StringEquals": {"s3:prefix": "*"}}}
💡 Hint

Think about the difference between bucket and object ARNs in S3.

Best Practice
intermediate
IAM User vs Role Usage

Which option best describes when to use an IAM role instead of an IAM user?

A. Use IAM users for applications running on EC2 instances needing AWS access.
B. Use IAM roles only for human users logging in to AWS Console.
C. Use IAM users for temporary access to AWS resources.
D. Use IAM roles for applications running on EC2 instances needing AWS access.
💡 Hint

Think about temporary credentials and automatic rotation.

Architecture
advanced
Designing Least Privilege Access

You need to design IAM policies for a team that manages EC2 instances but should not modify S3 buckets. Which approach follows the least privilege principle?

A. Create a policy allowing all EC2 actions and deny all S3 actions explicitly.
B. Create a policy allowing only necessary EC2 actions and do not include any S3 permissions.
C. Create a policy allowing all EC2 and S3 actions but monitor usage with CloudTrail.
D. Create a policy allowing all EC2 actions and grant read-only access to S3 buckets.
💡 Hint

Least privilege means granting only what is needed, nothing more.

Service Behavior
advanced
Effect of MFA on IAM User Access

An IAM user has a policy that requires MFA for deleting S3 buckets. What happens if the user tries to delete a bucket without MFA?

A. The delete request triggers an alert but is allowed.
B. The delete request succeeds because the user has delete permissions.
C. The delete request is denied because MFA was not used.
D. The delete request is logged but allowed without MFA.
💡 Hint

Consider how MFA conditions affect permission evaluation.

🧠 Conceptual
expert
Cross-Account Access with IAM Roles

You want to allow an IAM user in Account A to access resources in Account B using an IAM role. Which configuration is required in Account B's role trust policy?

A. The trust policy must allow the AWS account ID of Account A as a principal.
B. The trust policy must allow the IAM role ARN from Account A as a principal.
C. The trust policy must allow the IAM group ARN from Account A as a principal.
D. The trust policy must allow the IAM user ARN from Account A as a principal.
💡 Hint

Think about how trust policies specify principals for cross-account roles.