Question 10: Correct
What are the default security credentials that are required to access the AWS management console
for an IAM user account?
Access keys
Security tokens
A user name and password
(Correct)
MFA
Explanation
The AWS Management Console allows you to access and manage Amazon Web Services through a
simple and intuitive web-based user interface. You can only access the AWS management console if you
have a valid user name and password.
The other options are incorrect:
"MFA" is incorrect. MFA is an additional layer of security (i.e. not required).
Although MFA is not required to access IAM user accounts, it is recommended to set it up for
all of your IAM users. With MFA enabled, when a user signs in to an AWS Management Console, they will
be prompted for their user name and password (the first factor—what they know), as well as for an
authentication code from their AWS MFA device (the second factor—what they have). Taken together,
these multiple factors provide increased security for your AWS account settings and resources.
� It is also recommended to set a password policy for all IAM users to specify complexity
requirements and mandatory rotation periods for their passwords.
You can use a password policy to do these things:
1- Set a minimum password length.
2- Require specific character types, including uppercase letters, lowercase letters, numbers, and non-
alphanumeric characters. Be sure to remind your users that passwords are case sensitive.
3- Allow all IAM users to change their own passwords.
4- Require IAM users to change their password after a specified period of time (enable password
expiration).
5- Prevent IAM users from reusing previous passwords.
6- Force IAM users to contact an account administrator when the user has allowed his or her password to
expire.
"Access keys" is incorrect. Access keys are long-term credentials that can be used to sign programmatic
requests to AWS.
Question 10: Correct
What are the default security credentials that are required to access the AWS management console
for an IAM user account?
Access keys
Security tokens
A user name and password
(Correct)
�MFA
Explanation
The AWS Management Console allows you to access and manage Amazon Web Services through a
simple and intuitive web-based user interface. You can only access the AWS management console if you
have a valid user name and password.
The other options are incorrect:
"MFA" is incorrect. MFA is an additional layer of security (i.e. not required).
Although MFA is not required to access IAM user accounts, it is recommended to set it up for
all of your IAM users. With MFA enabled, when a user signs in to an AWS Management Console, they will
be prompted for their user name and password (the first factor—what they know), as well as for an
authentication code from their AWS MFA device (the second factor—what they have). Taken together,
these multiple factors provide increased security for your AWS account settings and resources.
It is also recommended to set a password policy for all IAM users to specify complexity
requirements and mandatory rotation periods for their passwords.
You can use a password policy to do these things:
1- Set a minimum password length.
2- Require specific character types, including uppercase letters, lowercase letters, numbers, and non-
alphanumeric characters. Be sure to remind your users that passwords are case sensitive.
3- Allow all IAM users to change their own passwords.
4- Require IAM users to change their password after a specified period of time (enable password
expiration).
5- Prevent IAM users from reusing previous passwords.
6- Force IAM users to contact an account administrator when the user has allowed his or her password to
expire.
"Access keys" is incorrect. Access keys are long-term credentials that can be used to sign programmatic
requests to AWS.
