AWS IAM questions

I have some single choice questions regarding AWS. I would appreciate if anyone can help to find the correct answers as I am not sure in some of them.

1. How many active access keys can an IAM user have at any given time?
a)  4       
b)  2
c)  3
d)  1 

What is the main advantage to a pre-signed URL?
a)  You can safely put restricted data into S3 without fear of compromise.          
b)  You can grant temporary access to S3 objects to users without an AWS account. 
c)  You can limit access to S3 based on the language in which the calling application is written. 
d)  You do not have to manage permission on the S3 objects as closely. 

Is it possible to configure the AWS CLI with profiles associated with different IAM users?
a)  Only if the IAM users are in different AWS accounts         
b)  No
c)  Only if the IAM users are in the same AWS accounts. 
d)  Yes

How can you manage access to S3 via an EC2 instance without embedding user credentials on that instance?
a)  By assigning permissions to an IAM roles.
b)  By creating an IAM service accounts. 
c)  EC2 instances can access S3 natively from within a VPC.
d)  By customizing S# bucket permissions. 

How do you enable financial access to an IAM user?
a)  You can activate the financial administrator option in the AWS console. 
b)  You don’t need to, since IAM users have access to financial details by default. 
c)  You can’t, since access to financial information by IAM accounts is not supported. 
d)  You can activate IAM access using the root account.

What is an unique advantage of AWS IAM roles?
a)  The ability to aggregate permission sets
b)  The ability to grant access to a specific AWS resource
c)  The ability to grant permissions to groups. 
d)  The ability to assign roles to EC2 instances. 

Is it a best practice to assign permissions to individuals as opposed to groups?
a)  It depends on the number of people in the organization. 
b)  Yes, since permissions assigned to individuals are harder to manage. 
c)  It depends on the number of groups in your organization. 
d)  No, organizations are made up of individuals and should be permissioned as such. 

What is the preferred approach to implementing separation of duties on your root AWS ACCOUNT?
a)  Google authenticator
b)  Hardware token
c)  Duo security
d)  Authy 2-Factor

Three of these choices are your responsibility to secure. Which is not?
a)  Network access to your web tier 
b)  Permissions to objects within S3
c)  RDS infrastructure
d)  Operating systems running on EC2