IAM user access keys – If you are an IAM user and you forget your access keys, you will need new access keys. If you have permission to create your own access keys, you can find instructions for creating a new one at Managing access keys (console). If you do not have the required permissions, you must ask your administrator to create new access keys. If you are still using your old keys, ask your administrator not to delete the old keys. To learn how an administrator can manage your access keys, see Managing access keys for IAM users.
You should follow the AWS best practice of periodically changing your password and AWS access keys. In AWS, you change access keys by rotating them. This means that you create a new one, configure your applications to use the new key, and then delete the old one. You are allowed to have two access key pairs active at the same time for just this reason. For more information, see Rotating access keys.
If a user loses an IAM secret access key, the recommended action is to create a new user with a new access key and a new secret access key. This ensures that the lost key is invalidated, and any potential security risk is mitigated.
So the right answer is B!
Rotating the secret access key means generating a new access key and secret access key for the IAM user, while invalidating the old key. This provides a way to mitigate potential security risks if the old key was compromised.
I think the moderator got this one correct.
https://securingthe.cloud/2020/how-to-fix-exposed-aws-credentials/
If an IAM access key is lost, you can disable it, then delete it, in the IAM console with any user that has permissions:
1. Sign into the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, choose Users.
3. Choose the name of the user of the access keys you want to manage, and then choose the Security credentials tab.
4. In the Access keys section, disable an active access key by choosing Make inactive.
5. I recommend you only disable the access key until you have confirmed it’s not being used for anything critical, and you will see access denied attempts in your CloudTrail logs until it’s deleted. This provides you more information into who or what is trying to use it.
6. To delete an access key, choose its X button at the end of the row. When prompted for confirmation, choose Delete.
Answer is correct, B.
Rotating access keys is a proactive security measure where you generate new keys to replace the existing ones to enhance security. Creating a new user with new access keys is a common approach when an IAM secret access key is lost. By creating a new user, you can start with a clean slate and have full control over the new access keys and permissions associated with the user.
https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys_retrieve.html
If a user loses an IAM secret access key, the best course of action is to rotate the secret access key. This can be done by the user themselves, provided they still have access to their AWS account and the permissions required to perform this action.
C. Rotate the secret access key: IAM users can rotate their own access keys to help protect their AWS resources. When an access key is rotated, AWS invalidates the existing access key and generates a new one. The user can then use the new access key to access AWS resources, and the old access key is no longer valid.
Rotating the secret access key means creating a new key and deactivating the old one. It is a good security practice to rotate the access keys periodically or when there is a potential for a key to be compromised. However, if a user has lost the secret access key, rotating it would not help in retrieving it. Instead, the user should create a new access key and delete the lost one.
B. Create a new user with a new access key and a new secret access key.
If an IAM user loses an access key or secret access key, the best practice is to disable the key or delete the user and create a new user with a new access key and a new secret access key. This ensures that any security risks associated with the lost key are minimized.
C is the best choice here.
The best answer would be to create a new access key and delete the lost key. You don't need to create a new user. Therefore, rotating out the lost secret key would be the better answer. Also, the AWS recommended IAM best practice.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys_retrieve.html
Correct option C, because lost keys can be used against the owner of the account.
Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if they are compromised. Having an established process that is run regularly also ensures the operational steps around key rotation are verified, so changing a key is never a scary step.
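The disable-then-delete console procedure above and the rotation sequence several comments describe (make the lost key inactive, create a replacement, switch to it, delete the old key) together, as an added example that is not part of any comment on this page. The functions `rotate_lost_key` and `retire_key`, the two-key limit check and the `FakeIamClient` are mine; the client is written against the method names and response shapes of the boto3 IAM client (`list_access_keys`, `update_access_key`, `create_access_key`, `delete_access_key`), and the in-memory fake plus the user and key IDs are constructed so the logic runs offline.

```python
"""Rotate a lost IAM user access key: disable the lost key first, mint a
replacement, and delete the old key only after it is confirmed Inactive.

Added example, not from the page. `iam` is expected to behave like a boto3
IAM client; FakeIamClient is a constructed stand-in for running offline.
"""
from dataclasses import dataclass
import secrets

MAX_KEYS_PER_USER = 2  # IAM allows at most two access keys per user


@dataclass
class Rotation:
    user_name: str
    disabled_key_id: str   # the lost key, now Inactive
    new_key_id: str
    new_secret: str        # returned once only; store it in a secrets manager, never in logs


def rotate_lost_key(iam, user_name: str, lost_key_id: str) -> Rotation:
    """Disable the lost key, then create its replacement."""
    keys = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    if lost_key_id not in {k["AccessKeyId"] for k in keys}:
        raise ValueError(f"{lost_key_id} does not belong to {user_name}")
    # Step 1: make the lost key unusable right away. Denied attempts with it
    # still show up in CloudTrail, which tells you who or what was using it.
    iam.update_access_key(UserName=user_name, AccessKeyId=lost_key_id, Status="Inactive")
    # Step 2: the two-key cap. If a second key already exists it must be
    # deleted before a replacement can be created; the lost key stays disabled.
    if len(keys) >= MAX_KEYS_PER_USER:
        raise RuntimeError(f"{user_name} already has {len(keys)} access keys; delete one before rotating")
    # Step 3: mint the replacement. This is the only time the secret is returned.
    created = iam.create_access_key(UserName=user_name)["AccessKey"]
    return Rotation(user_name, lost_key_id, created["AccessKeyId"], created["SecretAccessKey"])


def retire_key(iam, user_name: str, key_id: str) -> bool:
    """Delete a key that has already been made Inactive; never delete an Active one."""
    for k in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        if k["AccessKeyId"] == key_id:
            if k["Status"] != "Inactive":
                return False
            iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)
            return True
    return False


class FakeIamClient:
    """Constructed in-memory stand-in with the boto3 IAM call shapes used above."""

    def __init__(self, keys):
        self.keys = keys  # user_name -> list of {"AccessKeyId", "Status"}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [dict(k, UserName=UserName) for k in self.keys.get(UserName, [])]}

    def update_access_key(self, UserName, AccessKeyId, Status):
        for k in self.keys.get(UserName, []):
            if k["AccessKeyId"] == AccessKeyId:
                k["Status"] = Status
                return {}
        raise KeyError(AccessKeyId)

    def create_access_key(self, UserName):
        if len(self.keys.get(UserName, [])) >= MAX_KEYS_PER_USER:
            raise RuntimeError("LimitExceeded")
        key = {"AccessKeyId": "AKIA" + secrets.token_hex(8).upper(), "Status": "Active"}
        self.keys.setdefault(UserName, []).append(key)
        return {"AccessKey": dict(key, UserName=UserName, SecretAccessKey=secrets.token_urlsafe(30))}

    def delete_access_key(self, UserName, AccessKeyId):
        self.keys[UserName] = [k for k in self.keys.get(UserName, []) if k["AccessKeyId"] != AccessKeyId]
        return {}


if __name__ == "__main__":
    # Constructed sample: user "alice" has one active key, which has been lost.
    iam = FakeIamClient({"alice": [{"AccessKeyId": "AKIAEXAMPLELOST0001", "Status": "Active"}]})
    r = rotate_lost_key(iam, "alice", "AKIAEXAMPLELOST0001")
    print("disabled", r.disabled_key_id, "created", r.new_key_id)
    print("deleted old key:", retire_key(iam, "alice", r.disabled_key_id))
```

With a real boto3 client (`boto3.client("iam")`) the same two calls do the job in order: run `rotate_lost_key`, reconfigure the application with the new key, watch CloudTrail for denied calls that still carry the old key ID, then run `retire_key`. The delete step refuses an Active key on purpose, so the old key can only be removed after it has been disabled.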