Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? (Choose
two.)
A.
Create individual IAM users for everyone in your organization
B.
Configure MFA on the root account and for privileged IAM users
C.
Assign IAM users and groups configured with policies granting least privilege access
D.
Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and
X.509 certificate
Explanation:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
The explanation is pointing to S3 not IAM.
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
0
0
B:C
11
0
C and D are the answers
Not A, because its not compulsory to create IAM users for everyone in your organisation.
Not B, because you can only create MFA for the root account, you cannot create for both the root account and any other privileged user.
0
16
B is correct. MFA can be enabled for IAM users.
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Enable MFA for Privileged Users
For extra security, enable multi-factor authentication (MFA) for privileged IAM users (users who are allowed access to sensitive resources or APIs).
4
0
You can enable MFA for privileged users
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#enable-mfa-for-privileged-users
B:C
8
0
As explained above B & C
2
0