Which IAM feature supports the principle of least privilege?

Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

The principle of least privilege is a security concept that emphasizes granting users only the permissions absolutely necessary to perform their job functions. This minimizes the risks associated with unnecessary access rights, which can lead to security breaches or unintentional errors.

Creating roles with only the specific permissions needed aligns perfectly with this principle. By defining roles that include only essential permissions, you ensure that users can carry out their tasks without having excessive access to other resources. This focused approach limits exposure to sensitive information and reduces the potential for misuse of permissions.

In contrast, the other options (assigning policies with full permissions to all users, using a single group for all IAM users, and enabling default permissions for all users) contradict the principle of least privilege. These practices can lead to over-provisioning of access and increase the risk of unauthorized actions within the AWS environment. Each of those options allows wider access than necessary, which can compromise security and undermine effective access control.