Role-Based Access Control

5 minutes 5 Questions

Role-Based Access Control (RBAC) is a security concept that involves assigning different levels of access permissions to individuals based on their specific job roles. With RBAC, a user's access is strictly controlled and limited to actions required to perform their specific role within an organiza…

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

In your organization, all applications running in AWS need to send emails using Amazon SES. How can you grant them the required permissions to use SES?

Create an IAM user with an SES policy and attach the user to the applications Create an IAM role with an SES policy and attach the role to the applications Attach the SES policy directly to the applications Create an IAM role with an S3 policy and attach the role to the applications

Correct Answer: Create an IAM role with an SES policy and attach the role to the applications

By creating an IAM role with an Amazon SES policy and attaching the role to the applications, you can grant required permissions to use SES. Attaching a policy directly to a resource, creating an IAM user or enabling public access is not the recommended practice.

Question 2

You must grant Amazon S3 access in three scenarios: (1) internal developers in your account need access to specific prefixes, (2) a partner in another AWS account needs read-only access to a shared bucket, and (3) certain legacy objects uploaded by other accounts require per-object permission overrides. Which approach can meet all of these requirements?

Use only Access Control Lists (ACLs) Use a combination of IAM policies, bucket policies, and Access Control Lists (ACLs) Use only IAM policies Use only bucket policies

Correct Answer: Use a combination of IAM policies, bucket policies, and Access Control Lists (ACLs)

IAM policies are identity-based and best for granting permissions to users and roles in your own account (for example, developers needing access to certain prefixes). Bucket policies are resource-based and ideal for cross-account access (for example, granting a partner account read-only access to a bucket). ACLs operate at the object and bucket level and are primarily used for per-object permissions and legacy scenarios where object ownership or cross-account uploads complicate access control. Together, these mechanisms cover all required use cases; using only one of them cannot satisfy identity-based, cross-account, and per-object legacy needs simultaneously.

Question 3

A company needs to implement cross-account access using Role-Based Access Control. How should you configure the IAM role in the target account to enable secure access?

Add a trust policy for the source account in the target account. Share the AWS root account credentials of the target account. Create a new IAM user with administrative permissions in the target account. Create an access key and secret key for an IAM role in the target account.

Correct Answer: Add a trust policy for the source account in the target account.

To enable secure cross-account access using RBAC, add a trust policy for the source account in the target account to allow only authorized users from the source account to assume the role.

🎓 Unlock Premium Access

CompTIA Security+ + ALL Certifications

More Role-Based Access Control questions

19 questions (total)

Start 19 question test

Role-Based Access Control

Guide: Role-Based Access Control

CompTIA Security+ - Role-Based Access Control Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access