When configuring a new employee’s access in AWS IAM, what is a best practice for ensuring they only have the necessary permissions to fulfill their job responsibilities?

When configuring a new employee’s access in AWS IAM, what is a best practice for ensuring they only have the necessary permissions to fulfill their job responsibilities?
A . Grant full administrative privileges to ensure no access barriers
B . Use managed policies to assign permissions
C . Assign permissions directly to individual user accounts
D . Always use default IAM policies

View Answer

Answer: B

Explanation:

Correct Answer. B. Use managed policies to assign permissions Using managed policies is a best practice for assigning permissions in AWS IAM. Managed policies are maintained by AWS and are designed to provide permissions that align with common job functions, which helps in applying the principle of least privilege effectively.

Option A is incorrect because granting full administrative privileges can lead to excessive permissions beyond what is necessary for job responsibilities.

Option C is incorrect because assigning permissions directly to users can lead to complicated and potentially insecure configurations. It is better to assign permissions to roles or groups and then associate users with these roles or groups.

Option D is incorrect because relying solely on default IAM policies may not adequately match the specific security requirements of the organization or the principle of least privilege.