AWS Certified Cloud Practitioner (CLF-C02) — Question 533

Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Choose two.)

Answer options

• A. Use the AWS account root user for daily access.
• B. Use access keys and secret access keys on Amazon EC2.
• C. Rotate credentials on a regular basis.
• D. Create a shared set of access keys for system administrators.
• E. Configure multi-factor authentication (MFA).

Correct answer: C, E

Explanation

AWS IAM best practices recommend regularly rotating credentials to limit the impact of potential leaks and enabling multi-factor authentication (MFA) to add an extra layer of security for user accounts. Conversely, using the root user for daily tasks, sharing credentials among administrators, or hardcoding access keys on Amazon EC2 instances are insecure practices that violate the principle of least privilege.