AWS Certified SysOps Administrator – Associate (legacy) — Question 130
Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? (Choose two.)
Answer options
- A. Create individual IAM users for everyone in your organization
- B. Configure MFA on the root account and for privileged IAM users
- C. Assign IAM users and groups configured with policies granting least privilege access
- D. Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate
Correct answer: B, C
Explanation
The correct answers, B and C, emphasize securing accounts with multi-factor authentication (MFA) and granting users only the minimum permissions they need. Option A is incorrect because creating individual accounts is not a best practice by itself, and option D, while addressing security, focuses too much on credential management rather than on the principle of least privilege.