AWS SECURITY - Domain 4 - 50X - QUESTIONS and ANSWERS

# AWS SECURITY - Domain 4 - 50X - QUESTIONS and ANSWERS   ## Domain 4: Identity and Access Management ### Task Statement 4.1: Design, implement, and troubleshoot authentication for AWS resources. **Knowledge of:** - 4.1.1 Methods and services for creating and managing identities (for example, federation, identity providers, AWS IAM Identity Center [AWS Single Sign-On], Amazon Cognito) - 4.1.2 Long-term and temporary credentialing mechanisms - 4.1.3 How to troubleshoot authentication issues (for example, by using CloudTrail, IAM Access Advisor, and IAM policy simulator) **Skills in:** - 4.1.4 Establishing identity through an authentication system, based on requirements - 4.1.5 Setting up multi-factor authentication (MFA) - 4.1.6 Determining when to use AWS Security Token Service (AWS STS) to issue temporary credentials ## Task Statement 4.2: Design, implement, and troubleshoot authorization for AWS resources. **Knowledge of:** - 4.2.1 Different IAM policies (for example, managed policies, inline policies, identity-based policies, resource-based policies, session control policies) - 4.2.2 Components and impact of a policy (for example, Principal, Action, Resource, Condition) - 4.2.3 How to troubleshoot authorization issues (for example, by using CloudTrail, IAM Access Advisor, and IAM policy simulator) **Skills in:** - 4.2.4 Constructing attribute-based access control (ABAC) and role-based access control (RBAC) strategies - 4.2.5 Evaluating IAM policy types for given requirements and workloads - 4.2.6 Interpreting an IAM policy’s effect on environments and workloads - 4.2.7 Applying the principle of least privilege across an environment - 4.2.8 Enforcing proper separation of duties - 4.2.9 Analyzing access or authorization errors to determine cause or effect - 4.2.10 Investigating unintended permissions, authorization, or privileges granted to a resource, service, or entity

There are no comments yet.

Please log in to write the first comment.