The correct answer is Static token or password files are stored in readable form and can be copied and shared, weakening access controls.

Storing credentials as static files means the secret material exists in a readable form on disk or in simple files and it can be copied or redistributed without trace. This makes it difficult to enforce accountability and it is hard to revoke access quickly because any copied file continues to work until it is rotated or removed. For these reasons relying on static credential files weakens access controls and increases the risk of unauthorized cluster access.

Static files by themselves cannot enforce multifactor authentication is incorrect because although static files do not implement MFA on their own the question is asking for the primary reason static files are discouraged and that primary reason is their readability and copyability which directly weakens access controls.

Using static credential files requires manual updates when user access changes which increases administrative overhead is incorrect because the operational overhead of manual updates is a valid drawback but it is not the central security concern emphasized by the correct answer which focuses on easily copied readable credentials.

Static credential files do not integrate with external identity systems such as Cloud IAM or OpenID Connect is incorrect because lack of integration is an interoperability limitation but it does not by itself capture the core security problem that static files can be copied and shared and therefore weaken access controls.

Full AWS Practitioner Certification Question