Which service securely controls access to AWS resources for users?

Disable ads (and more) with a premium pass for a one time $4.99 payment

Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

AWS Identity and Access Management (IAM) is the service designed to securely control access to AWS resources for users. IAM allows you to create and manage AWS users and groups, as well as set permissions that determine which resources those users and groups can access. By defining fine-grained access policies, it enables you to enforce the principle of least privilege, ensuring that users only have the permissions necessary to perform their job functions.

IAM supports multi-factor authentication (MFA), which adds an additional layer of security by requiring users to present two or more verification factors. This significantly strengthens the authentication process and helps protect sensitive resources.

Other options listed serve different purposes. For example, AWS Shield is primarily a managed DDoS protection service; it protects applications from DDoS attacks but does not manage user access. AWS WAF (Web Application Firewall) helps protect web applications from common web exploits but is not involved in user authentication or permissions. AWS Organizations is a service for managing multiple AWS accounts and consolidating billing but does not directly handle access control for users within those accounts.