Home › AWS Cloud Practitioner › cloudcomputing › securitycompliance › The principle of least privilege, as applied via…
The principle of least privilege, as applied via IAM, recommends that you:
AAllow only the AWS root user to perform any action in the account
BBlock every API call by default and approve each one manually
CGive every developer administrator access to speed up delivery
DGrant a user (or role) only the specific permissions they need to do their job, and nothing more
Answer & Solution
Correct answer: D. Grant a user (or role) only the specific permissions they need to do their job, and nothing more
Least privilege means scoping permissions narrowly — exactly the actions, resources, and conditions the principal needs. Over-permissive defaults expand blast radius; under-permissive blocks legitimate work.
Related questions
AWS IAM Identity Center (formerly AWS SSO) primarily lets you:Which combination correctly describes encryption in transit versus encryption at rest?A team wants to block common web exploits like SQL injection and cross-site scripting at tAn organization wants to detect threats like unusual API calls, compromised EC2 instances,For Amazon RDS, which of the following best describes the shared responsibility split?What is the difference between an IAM user and an IAM role?Which AWS service logs all API calls made against the AWS account, so administrators can aWhich task can ONLY be performed by the AWS account root user, and not by any IAM user eve