MFA + Roles

IAM is used to manage users and their access to AWS, and AWS service, as well as access from one AWS resource to another including: Users, Groups, Roles, Access Policies, API Keys, Password Policies, Multi-Factor Authentication.

Security groups are manged through EC2 or VPC services.

Option B is incorrect – The AWS Certificate Manager can be used to generate SSL certificates to encrypt traffic in transit, but not at rest.

Option C is incorrect – It is used for issuing tokens while using the API gateway for traffic in transit.

Option D is used for secure access to EC2 Instances.

Option A is incorrect since SSL helps to encrypt data in transit.

Option C is incorrect because it also does not help in encrypting the data at rest.

Option D is incorrect because the snapshot of an unencrypted volume is also unencrypted.

Which Amazon service assesses your AWS cloud for security vulnerabilities?

Amazon Inspector automatically scans applications against AWS best practices to assess vulnerabilities. Admins can then act on Inspector's assessment reports, using AWS security tools to shore up weaknesses. The API-driven Inspector service fits within a DevSecOps approach as well, helping ensure fast, secure app deployments.

What is the main purpose of AWS Key Management Service (KMS)?

AWS KMS enables admins to establish encryption control from a centralized location. The service uses two levels of encryption: The data key encrypts each resource or piece of data, and the customer master key enables admins to import their own key material, instead of trusting KMS. Admins access KMS through the AWS IAM console, software development kit or command-line interface.