You want to enforce MFA for all IAM users accessing the AWS Management Console but allow programmatic access without MFA. How should you configure the IAM policy?

hard📝 Architecture Q8 of 15

AWS - Identity and Access Management

ARequire MFA for all actions regardless of access method.

BCreate a policy that requires MFA only for console login actions and attach it to all users.

CDisable MFA enforcement and rely on strong passwords.

DAttach a policy that requires MFA only for API calls.

Step-by-Step Solution

Solution:

Step 1: Understand access types
Console login and programmatic access use different actions in IAM policies.
Step 2: Configure policy for console only
Require MFA only for console login actions to allow programmatic access without MFA.
Final Answer:
Create a policy that requires MFA only for console login actions and attach it to all users. -> Option B
Quick Check:
MFA for console only = policy targets console login actions [OK]

Quick Trick: Target MFA requirement to console login actions only [OK]

Common Mistakes:

Requiring MFA for all actions
Disabling MFA enforcement
Applying MFA only to API calls

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More AWS Quizzes

You want to enforce MFA for all IAM users accessing the AWS Management Console but allow programmatic access without MFA. How should you configure the IAM policy?

Step 1: Understand access types

Step 2: Configure policy for console only

Final Answer:

Quick Check:

Want More Practice?