IAM and Security Management Flashcards
AWS Certified CloudOps Engineer Associate SOA-C03 Flashcards

| Front | Back |
| --- | --- |
| What does a Deny statement in an IAM policy do | Explicitly prevents users from performing specified actions |
| What does IAM stand for | Identity and Access Management |
| What does the term "key rotation" refer to | The process of periodically changing cryptographic keys to maintain security |
| What is a Security Incident Response Plan | A documented strategy to manage and recover from security breaches |
| What is an IAM policy | A JSON document that defines permissions for users, groups, or roles in IAM |
| What is Multi-Factor Authentication (MFA) | An authentication method that requires multiple forms of verification to prove identity |
| What is the difference between an IAM User and an IAM Role | Users are identities for individuals, while Roles are temporary identities for tasks or applications |
| What is the function of IAM service-linked roles | To allow cloud services to manage resources on behalf of users securely |
| What is the main purpose of access keys | To allow programmatic access to cloud services for users and applications |
| What is the principle of least privilege | Granting users only the permissions they need to perform their job functions |
| What is the purpose of a WAF (Web Application Firewall) | To protect applications from common web threats like SQL injection and XSS |
| What is the purpose of an audit trail in security management | To track and log access and activity for detecting unauthorized actions |
| What is the purpose of cloud resource tagging in security management | To organize and track access policies and resource ownership |
| What is the shared responsibility model in cloud security | A model where cloud providers manage the infrastructure security while customers handle data and application security |
| What should you do with unused IAM User accounts | Disable or delete them to reduce the attack surface |
| What should you monitor to ensure IAM security | Logins, permission changes, and usage of elevated privileges |
| What type of access is granted by default in IAM | Deny, unless explicitly allowed |
| Why is least privilege considered a best practice | It reduces the risk of malicious or accidental misuse of permissions |
| Why is role-based access control (RBAC) important | It simplifies access management by assigning permissions to roles rather than individuals |
| Why should you rotate access keys regularly | To minimize the risk of key compromise |
About the Flashcards
Flashcards for the AWS Certified CloudOps Engineer Associate exam give you a quick way to master the security building blocks tested on the exam. Review essential Identity and Access Management (IAM) terms such as users, roles, policies, access keys, and service-linked roles. Reinforce core principles like least privilege, role-based access control, and the default deny stance.
These cards also cover day-to-day operational safeguards (MFA implementation, key rotation, audit trails, tagging, and monitoring) as well as strategic topics like the shared responsibility model, security incident response planning, and Web Application Firewalls. Use them to sharpen recognition of concepts, clarify best practices, and confidently answer exam questions under time pressure.
Topics covered in this flashcard deck:
- Identity & Access Management
- Least Privilege & RBAC
- MFA & Authentication
- IAM Policies & Access Keys
- Security Logging & Auditing
- Cloud Security Responsibilities