Exam AWS Certified Cloud Practitioner CLF-C02 topic 1 question 39 discussion

A. Use the account root user access keys for administrative tasks: It is not recommended to use the root user's access keys for day-to-day administrative tasks. The root user has unrestricted access, and using its access keys poses security risks. B. Grant broad permissions so that all company employees can access the resources they need: It's advisable to follow the principle of least privilege, granting users only the permissions they need to perform their tasks. C. Turn on multi-factor authentication (MFA) for added security during the login process: Enabling multi-factor authentication (MFA) is a security best practice. It adds an extra layer of protection by requiring users to provide a second form of authentication in addition to their password. This helps prevent unauthorized access even if credentials are compromised. D. Avoid rotating credentials to prevent issues in production applications: Regularly rotating credentials, such as access keys and passwords, enhances security by reducing the window of opportunity for attackers.

nabling Multi-Factor Authentication (MFA) is a key IAM security best practice because it adds an extra layer of security by requiring a second form of authentication (such as a one-time code from an authenticator app or a hardware token) in addition to a password.

C. Turn on multi-factor authentication (MFA) for added security during the login process.

c is ok

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

C is correct

Answer C is Correct.

Turn on multi-factor authentication (MFA) for added security during the login process. Enabling multi-factor authentication (MFA) for user accounts, especially for users with administrative or high-privilege access, is a crucial security best practice. MFA adds an additional layer of security by requiring users to provide two or more verification factors (typically something they know, like a password, and something they have, like a temporary MFA code from a hardware token or mobile app) before gaining access. This significantly reduces the risk of unauthorized access, even if login credentials are compromised.

The answer is C.