Question #1301
Which of the following are functionalities provided by AWS Identity and Access Management (IAM)? (Choose two.)
A. Define granular permissions for AWS resources and API actions.
B. Continuously monitor network traffic for intrusions.
C. Enforce the use of a second authentication factor during login.
D. Mitigate distributed denial-of-service (DDoS) attacks.
E. Grant administrative access to on-premises servers.
Explanation
A and C are correct because:
- A: IAM enables granular permissions via policies to control access to AWS resources and API actions.
- C: IAM supports enforcing MFA for added login security.
Other options are incorrect because:
- B: Monitoring network traffic is handled by Amazon GuardDuty.
- D: DDoS mitigation is managed by AWS Shield.
- E: IAM controls AWS resources, not on-premises servers (use IAM Roles Anywhere or hybrid solutions).
Key Points:
- IAM focuses on authentication, authorization, and access policies.
- MFA is a core IAM feature for securing accounts.
- AWS Shield, WAF, and GuardDuty handle network/DDoS security.
Answer
The correct answer is: AC