Answer-first summary for fast verification
Answer: Use roles to delegate permissions, Use groups to assign permissions to IAM users
## Explanation **Correct Answers:** - **A. Use roles to delegate permissions** - This is a best practice because roles allow temporary security credentials and help follow the principle of least privilege. - **B. Use groups to assign permissions to IAM users** - This is a best practice as it simplifies permission management and ensures consistent access control. **Incorrect Options:** - **C. Create shared access keys** - Not a best practice as it violates the principle of least privilege and complicates auditing and accountability. - **D. Disable multi-factor authentication (MFA)** - Not a best practice as MFA enhances security; disabling it increases security risks. - **E. Avoid the use of policy conditions** - Not accurate; policy conditions can be useful for fine-grained access control and should be used when appropriate. **Key IAM Best Practices:** - Use roles for cross-account access and temporary permissions - Organize users into groups for easier permission management - Enable MFA for enhanced security - Follow the principle of least privilege - Use policy conditions for granular access control when needed
Author: Ritesh Yadav
Ultimate access to all questions.
Which of the following are best practices in AWS Identity and Access Management (IAM)? (Select TWO.)
A
Use roles to delegate permissions
B
Use groups to assign permissions to IAM users
C
Create shared access keys
D
Disable multi-factor authentication (MFA)
E
Avoid the use of policy conditions
No comments yet.