Which mechanism requires an additional factor such as a one-time code in addition to a password at sign-in, making it harder for an attacker to log in even if the password is compromised?

Correct: B

Explanation

This question asks you to identify the authentication-strengthening mechanism that adds an extra factor to a password.

  • 1. "in addition to a password": Adding another factor to the knowledge factor = multi-factor
  • 2. "additional factor such as a one-time code": Verification by a possession factor (mobile/key) = MFA
  • 3. "harder for an attacker to log in": Limits damage when a password is leaked

A. Incorrect

Access key rotation

Access key rotation is an operational practice of periodically updating programmatic credentials to reduce the risk of leakage.

It does not require an additional factor at sign-in, so this is incorrect.

B. Correct

Multi-factor authentication (MFA)

This is correct. Multi-factor authentication (MFA) is a mechanism that requires an additional factor such as a one-time code (possession factor) in addition to a password (knowledge factor). Even if a password is leaked, an attacker cannot log in without the second factor, which goes a long way toward preventing unauthorized access.

C. Incorrect

Security group

A security group is a firewall that controls traffic to an instance.

It does not require an additional factor for sign-in authentication, so this is incorrect.

D. Incorrect

Encryption

Encryption is a technique that protects data by making it unreadable.

It is different from the mechanism that requires an additional factor for identity verification at sign-in, so this is incorrect.

Key Takeaway

'Password + additional factor' and 'one-time code' both point to MFA (multi-factor authentication). Enabling MFA is strongly recommended, especially for the root user and privileged IAM users.