What it is: Recommended security practices for managing identities and permissions in AWS.

What it’s for:

• Reduce risk of account compromise.
• Improve auditing and accountability.
• Enforce least privilege.

Top exam best practices (from the question):

• Enable MFA for privileged users (admins / power users).
• Configure CloudTrail to log all IAM actions.

Common wrong practices (exam traps):

• Don’t use long-term user credentials for EC2; use Instance Profile (IAM Role).
• Don’t grant maximum privileges; follow Least Privilege.
• Don’t share credentials; use individual identities and roles.

Hard words (English + IPA + Vietnamese meaning):

• *privileged* /ˈprɪvəlɪdʒd/: đặc quyền
• *auditing* /ˈɔːdɪtɪŋ/: kiểm toán
• *accountability* /əˌkaʊntəˈbɪləti/: trách nhiệm rõ ràng