
Answer-first summary for fast verification
Answer: Set an overall password policy for the entire AWS account.
## Explanation

The correct answer is **A. Set an overall password policy for the entire AWS account.**

### Why this is correct:

1. **AWS IAM Password Policy**: AWS IAM allows you to set an account-wide password policy that applies to all IAM users. This policy can enforce:
   - Minimum password length
   - Password complexity requirements (uppercase, lowercase, numbers, special characters)
   - Password expiration and rotation periods
   - Password reuse restrictions
   - Password change requirements
2. **Automatic Application**: Once set, this policy automatically applies to all new IAM users created in the account, ensuring that all new users will have the required password complexity and rotation periods.
3. **AWS Best Practice**: Setting an account-wide password policy is the AWS-recommended approach for enforcing consistent security requirements across all IAM users.

### Why other options are incorrect:

**B. Set a password policy for each IAM user in the AWS account.**

- This is inefficient and error-prone. You would need to manually configure password policies for each user individually, which doesn't scale well and could lead to inconsistencies.
- AWS IAM doesn't support setting password policies on a per-user basis; password policies are account-wide.

**C. Use third-party vendor software to set password requirements.**

- While third-party identity management solutions exist, this is unnecessary complexity when AWS provides native IAM password policy functionality.
- This would add additional cost and management overhead without providing benefits over the native AWS solution.

**D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.**

- There is no "Create_newuser" event in CloudWatch Events that can be used to trigger password policy enforcement.
- Password policies should be set proactively, not reactively through event-driven mechanisms.
- This approach would not guarantee that password requirements are met at the time of user creation.

### Key Takeaway:

AWS IAM password policies are account-wide settings that automatically enforce password requirements for all IAM users, making them the most efficient and reliable way to ensure consistent security standards across an organization.
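
As an added example (not part of the original explanation), the following Python checks a dictionary shaped like the `PasswordPolicy` object returned by IAM's `GetAccountPasswordPolicy` against a complexity and rotation baseline. The baseline numbers (14 characters, 90-day rotation, 24 remembered passwords), the function names and the sample policies are assumptions constructed for illustration.

```python
# Added example: baseline numbers below are illustrative assumptions.
BASELINE = {"MinimumPasswordLength": 14, "MaxPasswordAge": 90,
            "PasswordReusePrevention": 24}
REQUIRED_FLAGS = ("RequireUppercaseCharacters", "RequireLowercaseCharacters",
                  "RequireNumbers", "RequireSymbols")


def audit_password_policy(policy):
    """Return findings for a dict shaped like the PasswordPolicy object in the
    IAM GetAccountPasswordPolicy response; None means no policy exists."""
    if policy is None:
        return ["no account password policy is set"]
    findings = [f"{flag} is not enabled" for flag in REQUIRED_FLAGS
                if not policy.get(flag, False)]
    length = policy.get("MinimumPasswordLength", 0)
    if length < BASELINE["MinimumPasswordLength"]:
        findings.append(f"MinimumPasswordLength {length} is below baseline")
    # MaxPasswordAge absent or 0 means passwords never expire (no rotation).
    max_age = policy.get("MaxPasswordAge", 0)
    if max_age == 0 or max_age > BASELINE["MaxPasswordAge"]:
        findings.append(f"MaxPasswordAge {max_age} does not enforce rotation")
    reuse = policy.get("PasswordReusePrevention", 0)
    if reuse < BASELINE["PasswordReusePrevention"]:
        findings.append(f"PasswordReusePrevention {reuse} is below baseline")
    return findings


def fetch_account_policy():
    """Read the live account-wide policy (needs boto3 and AWS credentials)."""
    import boto3
    iam = boto3.client("iam")
    try:
        return iam.get_account_password_policy()["PasswordPolicy"]
    except iam.exceptions.NoSuchEntityException:
        return None  # the account has never had a policy set


# Constructed sample policies (not taken from any real account).
WEAK = {"MinimumPasswordLength": 8, "RequireSymbols": False,
        "RequireNumbers": True, "RequireUppercaseCharacters": False,
        "RequireLowercaseCharacters": True, "ExpirePasswords": False}
STRONG = {"MinimumPasswordLength": 14, "RequireSymbols": True,
          "RequireNumbers": True, "RequireUppercaseCharacters": True,
          "RequireLowercaseCharacters": True, "ExpirePasswords": True,
          "MaxPasswordAge": 90, "PasswordReusePrevention": 24}

if __name__ == "__main__":
    for name, pol in (("none", None), ("weak", WEAK), ("strong", STRONG)):
        print(name, audit_password_policy(pol))
```

To check a live account, pass the result of `fetch_account_policy()` to `audit_password_policy`.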
Author: LeetQuiz Editorial Team
A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.
What should the solutions architect do to accomplish this?
- A. Set an overall password policy for the entire AWS account.
- B. Set a password policy for each IAM user in the AWS account.
- C. Use third-party vendor software to set password requirements.
- D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.