AWS Certified SysOps Administrator – Associate (legacy) — Question 86

Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.
Which two of the following options would allow an organization to enforce this policy for AWS users? (Choose two.)

Answer options

• A. Configure multi-factor authentication for privileged 1AM users
• B. Create 1AM users for privileged accounts
• C. Implement identity federation between your organization's Identity provider leveraging the 1AM Security Token Service
• D. Enable the 1AM single-use password policy option for privileged users

Correct answer: A, B

Explanation

Option A is correct because enabling multi-factor authentication adds an extra layer of security, aligning with the policy's requirements. Option B is also correct as creating IAM users for privileged accounts ensures that they have distinct credentials, which can be frequently rotated. Options C and D do not directly enforce the requirement for password management as specified in the policy.