What best describes IAM roles vs policies and how to implement least-privilege access?


Multiple Choice

What best describes IAM roles vs policies and how to implement least-privilege access?

Explanation:

Understanding how IAM uses policies and roles is key to enforcing least-privilege access. Policies are the actual permission rules that specify which actions on which resources are allowed and under what conditions. Roles are containers that bundle a set of those permissions and can be assumed by users, groups, or services, so you don’t have to grant every individual permission to each person.

To implement least-privilege, attach only the smallest, tightly scoped policies to the appropriate roles or identities—granting just the permissions needed for the task. Use groups to manage access for multiple users efficiently and service principals for applications, which helps keep permissions centralized and auditable. Regularly review and prune permissions to remove anything unnecessary, and rotate credentials as needed.

The idea here is that permissions come from policies, roles provide a reusable bundle of those permissions for identities to assume, and the goal is to keep access as narrow as possible while maintaining the ability to perform required work.
