AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Which security measure adds an additional authentication factor beyond a user's password and therefore provides the most effective single control to reduce the risk of unauthorized access to an AWS account?
Restrict logins to a fixed list of trusted IP address ranges
Enable multi-factor authentication (MFA) for all root and IAM users
Enforce a strong password policy with length and character complexity
Rotate IAM user access keys and passwords on a regular schedule
Multi-factor authentication (MFA) requires users to present both their standard credentials and a one-time code generated by a registered device (virtual TOTP app, hardware token, or FIDO security key). Even if an attacker obtains the password or access key, they still cannot sign in without the second factor. Rotating IAM credentials, using IP-based conditions, and enforcing strong passwords are all recommended practices, but none add this second, out-of-band factor, so they do not mitigate password compromise as effectively as MFA.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is multi-factor authentication (MFA)?
Open an interactive chat with Bash
How does MFA work in AWS?
Open an interactive chat with Bash
What are IAM credentials and why should they be rotated?