🔐 AWS Identity and Access Management (IAM) - CLF-C02 Practice Questions

Master IAM users, groups, roles, policies, MFA, root account protection, least privilege, and identity federation at Cloud Practitioner depth.

18 Questions Available
1 Exam Domains

CLF-C02 IAM Question Bank (18 Questions)

Browse all 18 practice questions covering AWS Identity and Access Management (IAM) for the CLF-C02 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1 (Security and Compliance)

    Which type of IAM policy is stored in IAM itself and can be attached to multiple users, groups, and roles?

    A. Inline policy
    B. Resource-based policy
    C. AWS managed or customer managed policy
    D. Permission boundary

  2. Question 2 (Security and Compliance)

    Which IAM concept groups multiple IAM policies together and attaches them to a user or role for a specific limited duration?

    A. IAM Group
    B. Permission Boundary
    C. IAM Role with session policies
    D. Resource-based policy

  3. Question 3 (Security and Compliance)

    A developer has created an IAM user with administrative access for initial testing. The security team wants to ensure the principle of least privilege is applied before production. What should they do first?

    A. Enable MFA on the IAM user
    B. Remove unused IAM users
    C. Review and limit permissions to only what the user needs
    D. Rotate access keys

  4. Question 4 (Security and Compliance)

    An IAM policy grants a user both an Allow and an explicit Deny on the same s3:PutObject action. What is the result?

    A. Allow — most permissive wins
    B. Deny — explicit Deny always overrides Allow
    C. An error is returned requesting policy conflict resolution
    D. The most recently created policy wins

  5. Question 5 (Security and Compliance)

    Which AWS service is the primary tool for managing user identities, groups, roles, and permissions for AWS services?

    A. Amazon Cognito
    B. AWS Directory Service
    C. AWS IAM
    D. AWS SSO

  6. Question 6 (Security and Compliance)

    Which IAM construct groups users together so policies can be applied to all of them at once?

    A. IAM Role
    B. IAM Group
    C. IAM Policy
    D. IAM Instance Profile

  7. Question 7 (Security and Compliance)

    Which feature lets you set a maximum permissions cap on an IAM user or role, regardless of what identity-based policies are attached?

    A. IAM Group membership
    B. Permission Boundary
    C. Service Control Policy
    D. Resource-based policy

  8. Question 8 (Billing, Pricing and Support)

    Which AWS Trusted Advisor category identifies S3 buckets with open public access or IAM users without MFA?

    A. Cost Optimization
    B. Performance
    C. Security
    D. Fault Tolerance

  9. Question 9 (Security and Compliance)

    Which AWS best practice should be applied to the AWS account root user immediately after account creation?

    A. Generate root access keys for CLI access
    B. Enable MFA and avoid using root for daily tasks
    C. Create an IAM role for root
    D. Share root credentials with all administrators for emergency access

  10. Question 10 (Security and Compliance)

    Which type of IAM policy is attached to an S3 bucket to grant a different AWS account access to it?

    A. Identity-based policy
    B. Resource-based policy
    C. Permission boundary
    D. Service Control Policy

  11. Question 11 (Security and Compliance)

    Which IAM policy type can be attached directly to AWS resources like S3 buckets and SQS queues?

    A. Managed policy
    B. Inline policy
    C. Resource-based policy
    D. Permission boundary

  12. Question 12 (Security and Compliance)

    What is the 'principle of least privilege' regarding IAM?

    A. Grant AdministratorAccess to all developers to maximize productivity
    B. Grant only the minimum permissions required for a specific job function or task
    C. Give all services full S3 access to avoid permission errors
    D. Rotate access keys every year

  13. Question 13 (Cloud Technology and Services)

    Which Route 53 routing policy sends traffic to the region with the lowest network latency to the end user?

    A. Weighted routing
    B. Failover routing
    C. Geolocation routing
    D. Latency-based routing

  14. Question 14 (Select All That Apply, Security and Compliance)

    A root user credential compromise is the highest-risk AWS security event. Which two actions MOST reduce this risk? (Select TWO)

    A. Enable MFA on the root user
    B. Share root credentials with only the security team
    C. Delete root access keys
    D. Rotate root access keys every 30 days
    E. Disable root user access in IAM

  15. Question 15 (Security and Compliance)

    Which IAM policy evaluation step occurs FIRST and can override all other policies?

    A. Identity-based policy Allow check
    B. Explicit Deny evaluation
    C. Resource-based policy check
    D. Permission boundary evaluation

  16. Question 16 (Security and Compliance)

    Which IAM feature lets you attach a policy that limits an IAM entity to specific IP addresses or time windows?

    A. Permission boundaries
    B. IAM Condition keys in policies (e.g., aws:SourceIp, aws:CurrentTime)
    C. IAM Groups
    D. Resource-based policies

  17. Question 17 (Security and Compliance)

    A security engineer needs to prevent a specific IAM user from deleting CloudTrail trails, regardless of admin policies they might have. What is the BEST control?

    A. Remove all IAM policies from the user
    B. Add a Deny policy for cloudtrail:DeleteTrail on the user or via SCP
    C. Enable MFA on the user account
    D. Move the user to a read-only IAM group

  18. Question 18 (Security and Compliance)

    Which security practice does AWS recommend when creating new IAM users?

    A. Grant AdministratorAccess by default for ease of use
    B. Attach only the policies needed for the user's specific job function (least privilege)
    C. Create one shared IAM user for all team members
    D. Disable MFA to simplify login for new users


Key IAM Concepts for CLF-C02

iam, user, group, role, policy, mfa, root user, least privilege, identity federation, identity center

CLF-C02 IAM Exam Tips

AWS Identity and Access Management (IAM) questions in CLF-C02 are typically scenario-based. Focus on core cloud concepts, shared responsibility, and AWS service purpose matching. Priority concepts: iam, user, group, role, policy, mfa.

What CLF-C02 Expects

  • Pick the simplest accurate service answer and avoid over-engineering.
  • IAM scenarios for CLF-C02 are frequently mapped to Domain 2 (30%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where IAM interacts with networking, storage, or observability patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Foundational) and vendor best practices.

High-Value IAM Concepts

  • Know the core IAM building blocks cold: iam, user, group, role.
  • Review the edge-case features and limits for policy and mfa; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how IAM pairs with Shared Responsibility, Organizations, Security & Compliance in real deployment patterns.
  • For CLF-C02, explain why the chosen IAM design meets reliability, security, and cost expectations better than the alternatives.

Common CLF-C02 Traps

  • Watch for mixing up customer vs AWS responsibilities.
  • Questions in Security and Compliance often include distractors that look correct for IAM but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two IAM implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Security and Compliance (30%) outcomes for CLF-C02?
  • Can you explain security and access boundaries for IAM without relying on default-open assumptions?
  • Can you describe how IAM integrates with Shared Responsibility and Organizations during failure, scaling, and monitoring events?
