After creating a new IAM user which of the following must be done before they can
successfully make API calls?

A.
Add a password to the user.

B.
Enable Multi-Factor Authentication for the user.

C.
Assign a Password Policy to the user.

D.
Create a set of Access Keys for the user.

Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html