Which of the following describes a security best practice that can be implemented by using AWS Identity and Access Management (IAM)?

Question

BlackTom AI · Accepted Answer

Question restatement: Which of the following describes a security best practice that can be implemented by using AWS Identity and Access Management (IAM)?

Option 1: 'Generate secret keys for every IAM user.' Generating secret access keys for every user is not a best practice because managing long-lived credentials increases risk. If keys are compromised, they may be misused unless rotated regularly, and each key represents a potential attack surface. IAM best practices favor using role-based access, temporary credentials via STS, and minimizing long-term secret keys.

Option 2: 'Store AWS credentials within Amazon EC2 instances.' Storing credentials inside EC2 instances is insecure because if the instance is compromised, the credentials can be exposed. A secure pattern is to use IAM roles attached to instances (and possibly AWS Secrets Manager) to provide temporary, scoped credentials without embedding secrets in the instance.

Option 3: 'Turn off AWS Management Console access for all users.' Turning off console access for all users would prevent legitimate administrative and interactive access, which is not a practical security best practice. IAM supports least-privilege access through granular permissions while still allowing necessary console access where required.

Option 4: 'Grant permissions to users who are required to perform a specific task only.' This aligns with the principle of least privilege and task-based access control. By granting permissions narrowly tailored to the tasks a user must perform, you minimize risk and limit blast radius if credentials are compromised. IAM enables you to define granular policies that apply to specific actions, resources, and conditions, making this a strong security best practice.

In summary, the options explore common pitfalls versus solid principles: avoid long-term secret keys and embedded credentials, avoid blanket denial of access that hampers operations, and favor least-privilege, task-based permission grants as enabled by IAM. The reasoning clearly distinguishes why each non-preferred approach falls short of best practices, while the fourth option embodies the recommended IAM approach for secure access control.

Which of the following describes a security best practice that can be implemented by using AWS Identity and Access Management (IAM)?

View Explanation

Log in for full answers

Similar Questions

What components ensure secure access and management of user identities within the digital ecosystem?

Which IAM security practices are recommended? (Select ALL that apply)

Which of the following are best practices to secure your account using the identity and Access Management (IAM)? (Choose 2)

Which AWS service enables identity and access management?

With AWS IAM, you can manage which THREE of the following?

What is the best practice for applying permissions to many users who perform the same job?

Which of the followings is not an AWS IAM identity?

Which domain contains critical systems and applications that support and provide various services that perform core functions like authentication, authorization, and data management?

More Practical Tools for Students Powered by AI Study Helper

Homework AI Solver

Stylized AI Paper Writer

Plagiarism Checker Assistant

Citation AI Academic Writing Tool

In-Class Translation Assistant

AI Note Generator

AI Quiz Answers

Past Exam Questions from University Test Bank

Smart Practice Assistant

Adaptive Practice

Making Your Study Simpler