Practise the standard verbs for enforcing least privilege in AWS IAM.
0 / 5 completed
1 / 5
Fill in: 'We ___ each IAM role to the specific actions a service actually needs rather than granting broad wildcard permissions.'
We 'scope a role' — the standard, established IAM collocation for narrowing permissions to what's required. The other options aren't the recognised term here.
2 / 5
Fill in: 'Attaching an overly broad managed policy can ___ a compromised service able to touch resources far beyond its own job.'
We say a broad policy will 'leave' excess access exposed — the standard, natural collocation for the resulting risk. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ unused permissions flagged by IAM Access Analyzer so a role's grants shrink back toward what's actually exercised.'
We 'remove' permissions — the standard, simple collocation for revoking unnecessary grants. The other options are less idiomatic here.
4 / 5
Fill in: 'We ___ every new IAM policy against real CloudTrail usage before approving it, instead of trusting the requester's guess.'
We 'review' a policy — the standard, simple collocation for checking a permission set before approval. The other options are less idiomatic here.
5 / 5
Fill in: 'We ___ access to production roles through a time-limited approval workflow rather than granting standing permissions forever.'
We 'restrict access' — the standard, established collocation for limiting who can assume a privileged role. The other options aren't the recognised term here.