AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company has several IAM users with AdministratorAccess permissions. The security team wants to ensure that if any of these users' console passwords are compromised, an attacker still cannot sign in to the AWS Management Console. Which action should a solutions architect recommend to improve the security of these privileged identities?
Enforce a password policy that requires at least 14 characters and special characters.
Rotate the access keys for these users every 30 days and store them in AWS Secrets Manager.
Require multi-factor authentication (MFA) for the root user and all IAM users with AdministratorAccess.
Enable AWS Shield Advanced to protect the sign-in endpoint from DDoS attacks.
Requiring multi-factor authentication (MFA) adds a second, independent verification factor-such as a one-time code from a virtual authenticator or a hardware security key-in addition to the user's password. This prevents console access even if the password alone is stolen. Enforcing a strong password policy, rotating access keys, or deploying AWS Shield Advanced all improve security in other ways, but none of those controls require a second factor during console sign-in.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is multi-factor authentication (MFA) and how does it work?
Open an interactive chat with Bash
Why is it risky to store access keys in plaintext, even on encrypted volumes?
Open an interactive chat with Bash
What are some best practices for managing privileged accounts in AWS?