Bird
0
0

You created an IAM user with full S3 access but forgot to enable MFA. What is the best way to fix this?

medium📝 Debug Q14 of 15
AWS - Identity and Access Management
You created an IAM user with full S3 access but forgot to enable MFA. What is the best way to fix this?
AAttach an MFA policy and require MFA for sensitive actions
BDelete the user and create a new one with MFA enabled
CRemove all permissions from the user
DShare the root account credentials with the user
Step-by-Step Solution
Solution:

  1. Step 1: Understand MFA enforcement

    MFA can be required by attaching policies that enforce MFA for sensitive actions.

  2. Step 2: Apply best practice

    Attaching an MFA policy is better than deleting the user or removing permissions.

  3. Final Answer:

    Attach an MFA policy and require MFA for sensitive actions -> Option A

  4. Quick Check:

    Enable MFA via policy, don't delete users [OK]
Quick Trick: Use policies to enforce MFA, not user deletion [OK]
Common Mistakes:
MISTAKES
  • Deleting users unnecessarily
  • Removing all permissions without MFA
  • Sharing root credentials

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - Setting up billing alerts - Quiz 5medium AWS Account and Billing - Resource tagging for cost tracking - Quiz 6medium AWS CLI - Installing AWS CLI - Quiz 12easy EC2 Fundamentals - EC2 pricing models (on-demand, reserved, spot) - Quiz 6medium EC2 Fundamentals - Launching an EC2 instance - Quiz 3easy Identity and Access Management - Why IAM is foundational - Quiz 8hard S3 Fundamentals - Static website hosting on S3 - Quiz 13medium S3 Fundamentals - Creating S3 buckets - Quiz 15hard Security Groups and Network ACLs - Network ACLs overview - Quiz 8hard Security Groups and Network ACLs - Stateful behavior of security groups - Quiz 2easy