Enhancing Security Authentication for Privileged Users on AWS

Best Practices for Enhancing Security Authentication for Privileged Users

Question

Your company has defined privileged users for their AWS Account.

These users are administrators for key resources defined in the company.

There is now a mandate to enhance the security authentication for these users.

How can this be accomplished?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - A.

The AWS Documentation mentions the following as the best practice for IAM users.

For extra security, enable multi-factor authentication (MFA) for privileged IAM users (users who are allowed access to sensitive resources or APIs)

With MFA, users have a device that generates a unique authentication code (a one-time password or OTP)

Users must provide both their normal credentials (like their user name and password) and the OTP.

The MFA device can either be a special piece of hardware or a virtual device (for example, it can run in an app on a smartphone).

For more information on IAM best practices, please visit the below URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Options B, C and D are invalid because the methods are not part of the "security authentication" mandate.

The best way to enhance security authentication for privileged users in an AWS account is to enable Multi-Factor Authentication (MFA) for these user accounts. MFA adds an extra layer of security by requiring the user to provide two or more factors to authenticate their identity, such as a password and a unique code generated by a security token.

Enabling versioning for user accounts is not relevant for enhancing security authentication. Versioning is used for object storage, and it allows for different versions of an object to be stored, but it does not add any extra security authentication measures.

Enabling accidental deletion is also not relevant for enhancing security authentication. Accidental deletion protection is a feature that prevents accidental deletion of critical resources, but it does not add any extra security authentication measures.

Disabling root access for privileged users is a good security practice, but it does not enhance security authentication. Root access is the highest level of access in an AWS account, and it is recommended to limit the use of the root account to essential tasks only. However, disabling root access alone is not enough to enhance security authentication for privileged users.

In summary, the best way to enhance security authentication for privileged users in an AWS account is to enable MFA for their user accounts.