Which combination of changes in existing IAM policies should a Database Specialist make to prevent an error like this from happening in the future?

A company is running a two-tier ecommerce application in one AWS account. The web server is deployed using an Amazon RDS for MySQL Multi-AZ DB instance. A Developer mistakenly deleted the database in the production environment. The database has been restored, but this resulted in hours of downtime and lost revenue.

Which combination of changes in existing IAM policies should a Database Specialist make to prevent an error like this from happening in the future? (Choose three.)
A . Grant least privilege to groups, users, and roles
B . Allow all users to restore a database from a backup that will reduce the overall downtime to restore the database
C . Enable multi-factor authentication for sensitive operations to access sensitive resources and API operations
D . Use policy conditions to restrict access to selective IP addresses
E . Use AccessList Controls policy type to restrict users for database instance deletion
F . Enable AWS CloudTrail logging and Enhanced Monitoring

View Answer

Answer: ACD

Explanation:

https://aws.amazon.com/blogs/database/using-iam-multifactor-authentication-with-amazon-rds/ https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/security_iam_id-based-policy-htmlhttps://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/DataDurability.html