Question 26
Domain 4: Identity and Access ManagementAn AWS security architect is reviewing how applications authenticate to AWS services. Which statement best distinguishes long-term credentials from temporary credentials in AWS?
Correct answer: B
Explanation
Long-term credentials are persistent credentials that remain valid until they are changed or deleted, whereas temporary credentials are time-limited and expire automatically. — AWS-Certified-Security-Specialty_Exam-Guide.txt
Why each option is right or wrong
A. Long-term credentials are issued for short sessions, while temporary credentials stay active until an administrator revokes them.
Temporary credentials are time-limited and expire automatically rather than remaining active indefinitely.
B. Long-term credentials persist until rotated or removed, while temporary credentials are designed to expire after a limited period.
The source distinguishes AWS credentialing mechanisms by duration: long-term credentials are persistent, while temporary credentials are valid only for a limited time and then expire. That makes this the only option that correctly states the defining difference between the two mechanisms.
C. Long-term credentials can be used only for human users, while temporary credentials can be used only for applications and services.
Credential type is defined by persistence versus expiration, not exclusively by whether the principal is a person or an application.
D. Long-term credentials automatically expire at the end of each day, while temporary credentials never require renewal during active use.
Long-term credentials do not automatically expire on a daily schedule; temporary credentials are the expiring credential type.