Which of the following actions are controlled with AWS Identity and Access Management (IAM)?
(Choose two.)
Control access to AWS service APIs and to other specific resources.
Provide intelligent threat detection and continuous monitoring.
Protect the AWS environment using multi-factor authentication (MFA).
Grant users access to AWS data centers.
Provide firewall protection for applications from common web attacks.
Explanations:
IAM controls access to AWS service APIs and specific resources by defining permissions and policies that dictate what actions users can perform on which resources. This enables granular access control for various AWS services.
Intelligent threat detection and continuous monitoring are primarily managed by services like AWS GuardDuty and AWS CloudTrail, not IAM. IAM focuses on identity and access management rather than threat detection.
IAM supports multi-factor authentication (MFA) as a security measure to enhance user identity verification, ensuring that access is granted only to those who can provide multiple forms of authentication.
IAM does not grant access to AWS data centers. Physical access to data centers is controlled by AWS facilities management and not by IAM, which only manages access to AWS resources and services.
Firewall protection from common web attacks is typically provided by services such as AWS WAF (Web Application Firewall) and AWS Shield. IAM does not handle application layer security or firewall capabilities.