AWS Certified SysOps Administrator SOA-C01 – Question520 - AWS Certified SysOps Administrator SOA-C01

Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

A. Keep rotating your secure access credentials at regular intervals
B. Create individual IAM users
C. Create strong access key and secret access key and attach to the root account
D. Enable MFA for privileged users

Correct Answer: C

Explanation:

Explanation: It is a recommended approach to avoid using the access and secret access keys of the root account. Thus, do not download or delete it. Instead make the IAM user as powerful as the root account and use its credentials. The user cannot generate their own access and secret access keys as they are al-ways generated by AWS. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html