Which of the following statements about AWS IAM are correct? (Choose TWO.)
A question asking to choose two correct statements about IAM.
When a policy is attached to a group, the permissions apply to all users in that group.
This is correct. Attaching a policy to a group applies the same permissions to all member users. It makes managing permissions for many people more efficient.
Using IAM incurs a fixed monthly additional charge per user.
Using IAM users, groups, roles, and policies incurs no additional charge by itself.
The statement that there is a fixed charge is wrong, so it is incorrect.
The root user is recommended for everyday operations.
Because the root user has the highest privileges, the recommendation is not to use it for everyday operations and to use a least-privilege administrative IAM user or role instead.
The recommendation is the opposite, so this is incorrect.
IAM roles can also be assigned to AWS services (such as EC2).
This is correct. IAM roles can be assigned not only to people but also to AWS services such as EC2 and Lambda, letting them access other services securely with temporary credentials.
An IAM policy, once created, can never be changed or deleted.
An IAM policy can be edited, deleted, and replaced after it is created.
The statement that it cannot be changed is wrong, so it is incorrect.
IAM essentials: a group's policy applies to all member users, roles can also be assigned to services, IAM usage is free, and do not use root daily — use least-privilege IAM. Policies can be changed at any time.