Which recommendation complies with IAM security best practices?
Use the account root user access keys for administrative tasks.
Grant broad permissions so that all company employees can access the resources they need.
Turn on multi-factor authentication (MFA) for added security during the login process.
Avoid rotating credentials to prevent issues in production applications.
Explanations:
Using the account root user access keys is a bad practice. The root user should only be used for tasks that require root access, and it’s recommended to use IAM users with appropriate permissions for daily administrative tasks.
Granting broad permissions violates the principle of least privilege, which states that users should only be given the permissions necessary to perform their job functions. Broad grants increase security risk by exposing resources to unnecessary access.
Enabling multi-factor authentication (MFA) adds an extra layer of security by requiring a second form of verification in addition to the password, making unauthorized access more difficult. This is a widely recommended IAM best practice.
Avoiding credential rotation is a security risk. Regularly rotating credentials helps protect against unauthorized access due to compromised credentials. IAM best practices recommend rotating access keys and passwords periodically.