ExamGecko
Search Search Login
Home Home / Amazon / CLF-C02
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which AWS service gives users on-demand, sell-service access to AWS compliance control reports?
Which AWS service provides storage-optimized and compute-optimized device configurations?
A company is running a reporting web server application on Amazon EC2 instances. The application runs once every week and once again at the end of the month. The EC2 instances can be shut down when they are not in use. What is the MOST cost-effective billing model for this use case?
A company needs to manage multiple logins across AWS accounts within the same organization in AWS Organizations. Which AWS service should the company use to meet this requirement?
Which design principle aligns with performance efficiency pillar of the AWS Well-Architected Framework?
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
Which AWS service can create a private network connection from on premises to the AWS Cloud?
Which AWS service or feature allows users to securely store encrypted credentials and retrieve these credentials when required?
A company purchased Amazon EC2 Standard Reserved Instances (Rls) for a workload in the AWS Cloud. The company needs to move part of the workload to an instance family that does not match the instance family of these Standard RIs. How can the company take advantage of the Standard RIs that it no longer needs?
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)

Question 267 - CLF-C02 discussion

Report
Export

A company is setting up AWS Identity and Access Management (1AM) on an AWS account.

Which recommendation complies with 1AM security best practices?

A.
Use the account root user access keys for administrative tasks.
Answers
A.
Use the account root user access keys for administrative tasks.
B.
Grant broad permissions so that all company employees can access the resources they need.
Answers
B.
Grant broad permissions so that all company employees can access the resources they need.
C.
Turn on multi-factor authentication (MFA) for added security during the login process.
Answers
C.
Turn on multi-factor authentication (MFA) for added security during the login process.
D.
Avoid rotating credentials to prevent issues in production applications.
Answers
D.
Avoid rotating credentials to prevent issues in production applications.
Suggested answer: C

Explanation:

C is correct because turning on multi-factor authentication (MFA) for added security during the login process is one of the IAM security best practices recommended by AWS. MFA adds an extra layer of protection on top of the user name and password, making it harder for attackers to access the AWS account. A is incorrect because using the account root user access keys for administrative tasks is not a good practice, as the root user has full access to all the resources in the AWS account and can cause irreparable damage if compromised. AWS recommends creating individual IAM users with the least privilege principle and using roles for applications that run on Amazon EC2 instances. B is incorrect because granting broad permissions so that all company employees can access the resources they need is not a good practice, as it increases the risk of unauthorized or accidental actions on the AWS resources. AWS recommends granting only the permissions that are required to perform a task and using groups to assign permissions to IAM users. D is incorrect because avoiding rotating credentials to prevent issues in production applications is not a good practice, as it increases the risk of credential leakage or compromise. AWS recommends rotating credentials regularly and using temporary security credentials from AWS STS when possible.

Show Answer
asked 16/09/2024
Amy Sukkar
40 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms