Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)?
(Choose two.)
Use the AWS account root user tor daily access.
Use access keys and secret access keys on Amazon EC2.
Rotate credentials on a regular basis.
Create a shared set of access keys for system administrators.
Configure multi-factor authentication (MFA).
Explanations:
Using the AWS account root user for daily access is not a best practice. The root user has unrestricted access to all resources and should only be used for tasks that require root privileges. Daily tasks should be performed using IAM users with appropriate permissions.
Using access keys and secret access keys on Amazon EC2 is not recommended. Instead, it is best to use IAM roles for EC2 instances, which automatically provide temporary credentials without the need to manage access keys.
Rotating credentials on a regular basis is a best practice to enhance security. This reduces the risk of compromised credentials by limiting the time they can be used.
Creating a shared set of access keys for system administrators is not a best practice. Each user should have their own IAM credentials to maintain accountability and security. Shared credentials can lead to unauthorized access and difficulty in tracking user actions.
Configuring multi-factor authentication (MFA) is a best practice as it adds an extra layer of security. MFA requires users to provide additional verification beyond just a password, making it more difficult for unauthorized users to gain access.