AWS Certified SysOps Administrator – Associate (legacy) — Question 496

A company needs to ensure that all IAM users rotate their passwords on a regular basis.
Which action should be taken take to implement this?

Answer options

• A. Configure multi-factor authentication for all IAM users
• B. Deactivate existing users and re-create new users every time a credential rotation is required
• C. Re-create identity federation with new identity providers every time a credential rotation is required
• D. Set up a password policy to enable password expiration for IAM users

Correct answer: D

Explanation

Configuring an IAM password policy with password expiration enforces regular password rotation automatically for IAM users. Other options like enabling multi-factor authentication enhance security but do not force password changes. Re-creating users or re-establishing identity federation are highly inefficient, disruptive, and incorrect methods for managing password rotation.