Which of the following describes a security best practice that can be implemented by using AWS Identity and Access Management (IAM)?

Question

BlackTom AI · Accepted Answer

Question restatement: Which of the following describes a security best practice that can be implemented by using AWS Identity and Access Management (IAM)?

Option 1: 'Generate secret keys for every IAM user.' Generating secret access keys for every user is not a best practice because managing long-lived credentials increases risk. If keys are compromised, they may be misused unless rotated regularly, and each key represents a potential attack surface. IAM best practices favor using role-based access, temporary credentials via STS, and minimizing long-term secret keys.

Option 2: 'Store AWS credentials within Amazon EC2 instances.' Storing credentials inside EC2 instances is insecure because if the instance is compromised, the credentials can be exposed. A secure pattern is to use IAM roles attached to instances (and possibly AWS Secrets Manager) to provide temporary, scoped credentials without embedding secrets in the instance.

Option 3: 'Turn off AWS Management Console access for all users.' Turning off console access for all users would prevent legitimate administrative and interactive access, which is not a practical security best practice. IAM supports least-privilege access through granular permissions while still allowing necessary console access where required.

Option 4: 'Grant permissions to users who are required to perform a specific task only.' This aligns with the principle of least privilege and task-based access control. By granting permissions narrowly tailored to the tasks a user must perform, you minimize risk and limit blast radius if credentials are compromised. IAM enables you to define granular policies that apply to specific actions, resources, and conditions, making this a strong security best practice.

In summary, the options explore common pitfalls versus solid principles: avoid long-term secret keys and embedded credentials, avoid blanket denial of access that hampers operations, and favor least-privilege, task-based permission grants as enabled by IAM. The reasoning clearly distinguishes why each non-preferred approach falls short of best practices, while the fourth option embodies the recommended IAM approach for secure access control.

Which of the following describes a security best practice that can be implemented by using AWS Identity and Access Management (IAM)?

查看解析

登录即可查看完整答案

类似问题

What components ensure secure access and management of user identities within the digital ecosystem?

Which IAM security practices are recommended? (Select ALL that apply)

Which of the following are best practices to secure your account using the identity and Access Management (IAM)? (Choose 2)

Which AWS service enables identity and access management?

With AWS IAM, you can manage which THREE of the following?

What is the best practice for applying permissions to many users who perform the same job?

Which of the followings is not an AWS IAM identity?

Which domain contains critical systems and applications that support and provide various services that perform core functions like authentication, authorization, and data management?

更多留学生实用工具

考试浏览器助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单