Challenge your understanding of cloud-based Identity and Access Management (IAM) principles, security practices, and real-world scenarios. This quiz helps you sharpen your knowledge of IAM concepts, policy types, authentication factors, and user management roles in the cloud.
Which principle should you follow to ensure that users in a cloud environment only have the necessary permissions to perform their job functions, and nothing more?
Explanation: The principle of least privilege ensures users only get the minimum permissions they require. This reduces risk and limits the potential impact of compromised accounts. 'Need-to-Know Basis' is related but more focused on information sharing, not all permissions. 'Complete Access' and 'All-Access Policy' grant unnecessary rights, increasing vulnerability and violating security best practices.
What is a key benefit of implementing multi-factor authentication (MFA) for cloud users who log in from multiple devices?
Explanation: MFA adds an extra layer of security, helping prevent unauthorized access even if a password is stolen. It does not eliminate the need for passwords, though in some advanced cases it can reduce reliance on them. MFA does not give guest user access, nor does it always simplify password requirements. Its main value lies in decreasing the chance of account compromise.
In a cloud environment, what type of policy defines permissions for a specific group rather than for an individual user?
Explanation: A group policy sets permissions for all users who are part of a defined group, streamlining access management for teams with similar roles. Role-based policies are related but focus on abstract roles rather than group memberships. Resource policies apply to specific resources, and user policies grant permissions to individual accounts. Group policies specifically target user collections.
A company wants to give a contractor access to its cloud storage for two weeks without creating a permanent account. Which IAM feature is most appropriate for this scenario?
Explanation: Temporary credentials allow time-limited access, perfect for contractors or third parties who don't need ongoing access. Password rotation is for regularly changing the passwords of existing accounts, not creating new temporary ones. Granting root user access is risky and not advised for short-term access. Account mirroring is not a standard IAM term and does not serve this purpose.
Why is it important to regularly conduct access reviews and user attestations in a cloud IAM environment?
Explanation: Regular access reviews and user attestations help verify that permissions are up to date and aligned with users’ actual job roles, reducing unnecessary access. This does not increase network traffic, nor is the primary goal to produce audit reports. Assigning random permissions would create security risks and is never a recommended practice.