Practice Test 2 | AWS Certified Cloud Practitioner | CLF-C01 | Dumps | Mock Test

Correct Answers: C

• Option A is incorrect. The principle of “Grant Least Privilege” suggests providing the least & granular access to any User for accessing AWS services. This will help enhance the security of the system and prevent users from performing malicious/accidental tasks within the AWS environment that may compromise the system
• Option B is incorrect. It’s always best to see what kind of access the user requires. If a user does not use the Command Line Interface (CLI), it’s best to avoid giving him access to Access Keys. Similarly, if a user only uses the CLI for development, he should be prohibited from accessing the AWS admin console using a password
• Option C is CORRECT. Roles provide temporary access to AWS services & they don’t require sharing the Access Keys. A role that is created may be assigned a definite set of permissions for accessing different services. The service that uses the role actually assumes the role with which it can perform actions on another service. This way, we can induce granular permissions as well as prevent long-lived Access Keys from being compromised
• Option D is incorrect. Cross account access are scenarios where users in one Account would like to access services of other Accounts. Eg An user may use AWS Partner solutions to interact with a Customer’s Account for monitoring it or do some orchestration. Access keys are long-lived credentials for which the AWS Partner must ensure to manage those keys by rotating them frequently to avoid them from being compromised. Roles defined with temporary access permissions when given to the user for accessing the Customer’s account will be a best practice here without having to provide Access keys.

Reference:

• https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html