Which option best describes using IAM groups and service principals to enable least-privilege access?

Study for the CompTIA Cloud+ exam.

Multiple Choice

Explanation:
Using IAM groups for human users and service principals for applications helps enforce least privilege by separating duties and tightly controlling what each identity can do. Groups let you grant permissions to many users at once: you assign the necessary rights to the group, then add or remove users from that group as roles evolve. This keeps access consistent and scalable, rather than giving individual users overlapping, broader permissions.

Service principals represent an application or service identity. By assigning a dedicated, narrowly scoped policy to each principal, the app gains only the permissions it truly needs to function. This minimizes risk because even if credentials are exposed, the impact is limited to the app’s permitted actions rather than broader human access.

Regular reviews are essential to keep access aligned with current needs. Over time, teams change and applications evolve, so revisiting group memberships and principal permissions ensures ongoing adherence to the principle of least privilege.

Service principals are not used to bypass authentication, and groups are indeed a practical way to manage access for multiple users. Attaching roles to service accounts is a normal part of access control, not something to avoid.