AWS Certified Cloud Practitioner — Question 769

A company is setting up AWS Identity and Access Management (IAM) on an AWS account.

Which recommendation complies with IAM security best practices?

Answer options

• A. Use the account root user access keys for administrative tasks.
• B. Grant broad permissions so that all company employees can access the resources they need.
• C. Turn on multi-factor authentication (MFA) for added security during the login process.
• D. Avoid rotating credentials to prevent issues in production applications.

Correct answer: C

Explanation

Enabling multi-factor authentication (MFA) is a fundamental IAM security best practice as it adds an extra layer of defense beyond standard credentials. In contrast, using root user access keys, granting overly broad permissions, and failing to rotate credentials all violate the principles of least privilege and secure identity management.