Skip to Content

Answer Explained: Which recommendation complies with IAM security best practices

Question

A company is setting up AWS Identity and Access Management (IAM) on an AWS account.

Which recommendation complies with IAM security best practices?

A. Use the account root user access keys for administrative tasks.
B. Grant broad permissions so that all company employees can access the resources they need.
C. Turn on multi-factor authentication (MFA) for added security during the login process.
D. Avoid rotating credentials to prevent issues in production applications.

Answer

C. Turn on multi-factor authentication (MFA) for added security during the login process.

Explanation

The correct answer is option C: Turn on multi-factor authentication (MFA) for added security during the login process.

Explanation: AWS Identity and Access Management (IAM) is a service that helps you manage access to AWS resources securely. When setting up IAM on an AWS account, it is important to follow security best practices to ensure the protection of your resources and data.

Let’s go through each option and explain why option C is the correct recommendation:

A. Use the account root user access keys for administrative tasks: Using the account root user access keys for administrative tasks is not recommended. The root user has full access to all resources in the AWS account, and using its access keys for day-to-day administrative tasks can pose a security risk. It is best practice to create individual IAM users with appropriate permissions and use those users for administrative tasks instead.

B. Grant broad permissions so that all company employees can access the resources they need: Granting broad permissions to all company employees is not a recommended practice. It is important to adhere to the principle of least privilege, which means granting only the minimum permissions necessary for users to perform their required tasks. Giving broad permissions increases the risk of unauthorized access and potential security breaches.

C. Turn on multi-factor authentication (MFA) for added security during the login process: Enabling multi-factor authentication (MFA) is an essential security measure. MFA adds an extra layer of protection to the login process by requiring users to provide two or more pieces of evidence to verify their identity. This typically involves something the user knows (password) and something the user possesses (such as a mobile device or hardware token). Enabling MFA significantly reduces the risk of unauthorized access, even if a user’s password is compromised.

D. Avoid rotating credentials to prevent issues in production applications: Rotating credentials at regular intervals is considered a best practice for security. Regularly changing passwords and access keys helps mitigate the risk of unauthorized access, especially in the event of a credentials compromise. Avoiding credential rotation can lead to increased vulnerability to attacks and potential issues in production applications.

In conclusion, the recommended action that complies with IAM security best practices is to turn on multi-factor authentication (MFA) for added security during the login process (option C). This strengthens the authentication process and reduces the risk of unauthorized access.

Reference

Amazon AWS Certified Cloud Practitioner certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner exam and earn Amazon AWS Certified Cloud Practitioner certification.

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.