A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user. What should be done to secure the root user?
Choose an answer
Tap an option to check your answer.
Correct answer: Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user..
Why this is the answer
The correct approach is to create IAM users for daily administrative tasks and enable multi-factor authentication (MFA) on the root user. The root user has unrestricted access to all resources in the AWS account and should only be used for tasks that specifically require root user permissions, such as changing account settings or closing the account. Enabling MFA adds an extra layer of security, making it significantly harder for unauthorized individuals to access the root account even if they obtain the password. Disabling the root user is not possible; it is a permanent credential for the account. Generating an access key for the root user and using it for daily administration is a security risk because it provides programmatic access with full permissions, which is unnecessary and dangerous for routine tasks. Providing root user credentials to an individual for daily administration is also a major security vulnerability, as it exposes the most powerful account to potential compromise and violates the principle of least privilege.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed