AWS Certified Cloud Practitioner

AWS Identity and Access Management (IAM) is the service used to enable Multi-Factor Authentication (MFA) for AWS accounts and users. IAM provides centralized control over who can access AWS services and resources, and MFA adds an extra layer of security by requiring users to provide two forms of authentication:

• Something you know (password)
• Something you have (MFA device)

Key points about MFA in IAM:

• Can be enabled for the root AWS account
• Can be enabled for individual IAM users
• Supports virtual MFA devices (like Google Authenticator, Authy)
• Supports hardware MFA devices (like YubiKey)
• Supports Universal 2nd Factor (U2F) security keys

Other options explained:

• B. Amazon EC2: A compute service for virtual servers, not for authentication
• C. AWS Config: A service for resource inventory and configuration history
• D. Amazon Inspector: A security vulnerability assessment service

MFA is a critical security best practice that helps protect against unauthorized access even if passwords are compromised.