Exam AWS-SysOps topic 1 question 40 discussion

A & B are correct MFA using a 3rd party authenticator like Google Authenticator. Creating an IAM user will assist with creating a user name and password. Read the question correctly

options A (configure multi-factor authentication for privileged IAM users) and C (implement identity federation between your organization's Identity provider leveraging the IAM Security Token Service) are the two options that would allow an organization to enforce the policy of using frequently rotated passwords or one-time access credentials for AWS users.

IMO A - one time access C - STS token rotates each time and valid for limited time

A | B are the answers First, you need to create an IAM user (B), which will provide username and password, then you activate MFA (A), for those users and it will cover the one-time access credentials

A & B Create the user then configure MFA. Should be what steps taken.

A & B Create the user then configure MFA. Should be what steps taken.

A and B I think Question wud have been , which two combinations of steps!!!

AB A = Frequently Rotated Passwords or One Time Passwords is satisfied by MFA B = In order to use username/password, privileged Users accounts need to be created using IAM

Ans: C and D

AB frequently rotated password (enable password expiration, never heard of single-use password policy) and "one-time access credentials in addition to username/password" (MFA)

A. Configure multi-factor authentication for privileged 1AM users D. Enable the 1AM single-use password policy option for privileged users

If anyone can help with this questions. A development team is designing an application that processes sensitive information within a hybrid deployment. the team needs to ensure the application data is protected both in transit and at rest. Which combination of actions should be taken to accomplish this? (select TWO). a. Use a VPN to set up a tunnel between the on-premises data center and the AWS resources. b. Use AWS Certification Manager to create a TLS/SSL certificates. c. Use AWS CloudHSM to encrypt the data. d. Use AWS KMS to create TLS/SSL certifications. e. Use AWS KMS to manage encryption keys used for data encryption.

frequently rotated passwords -- need IAM accounts to do that One time access creds -- refers to the mfa token which we can use only one time So B

I'm voting for A,D. MFA will not rotate your password, so it meets one of the requirement by the question. To rotate the password, you'll need to configure it from the password policy by setting password expire date, which is D. B is wrong, a IAM user for privileged accounts can still access with username/password.

When you use Multi Factor authentication, everytime, pw rotates ..So A has been selected instead of D. So answers are correct.