Question #1167
Which of the following actions enhance security in an AWS environment? (Choose two.)
Enabling multi-factor authentication (MFA) for the root user
Using AWS CloudFormation to deploy infrastructure
Configuring AWS Trusted Advisor to monitor security best practices
Sharing IAM credentials across multiple users
Disabling Amazon GuardDuty to reduce costs
Explanation
A. Enabling MFA for the root user is a foundational security measure. The root account has unrestricted access, and MFA adds an extra authentication layer, reducing the risk of unauthorized access.
C. Trusted Advisor scans AWS environments for security gaps (e.g., open ports, IAM misconfigurations) and provides actionable recommendations, ensuring adherence to security best practices.
Other options:
B. CloudFormation automates deployments but does not inherently enhance security.
D. Sharing IAM credentials violates the principle of least privilege and increases security risks.
E. Disabling GuardDuty removes threat detection capabilities, weakening security.
Key Points:
- Always enable MFA for root/users.
- Use AWS security tools like Trusted Advisor and GuardDuty to monitor and improve security posture.
Answer
The correct answer is: AC