Question #1201
Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Choose two.)
Log in as the AWS account root user for regular administrative tasks.
Store access keys and secret access keys in Amazon EC2 instance metadata.
Implement regular credential rotation for IAM users.
Share IAM user credentials among team members for administrative access.
Enable multi-factor authentication for all IAM users.
Explanation
C and E are correct because:
- C: Regular credential rotation minimizes the risk of compromised credentials being exploited.
- E: Multi-factor authentication (MFA) adds a critical security layer beyond passwords.
Other options are incorrect:
- A: Root user access should be restricted to emergencies, not daily tasks.
- B: Storing keys in EC2 metadata is insecure; use IAM roles instead.
- D: Shared credentials violate the principle of individual accountability.
Key Points:
1. Avoid root user for routine tasks.
2. Use IAM roles over hardcoding keys.
3. Rotate credentials regularly.
4. Never share credentials.
5. Always enable MFA.
Answer
The correct answer is: CE