ExpertEasy1 markMultiple Choice
AWS SAA-C03 · Question 06 · Domain 1.1: Secure Access
A solutions architect is reviewing the security of an AWS account. The architect notices that the AWS account root user has been used recently to perform administrative tasks. What should the architect recommend to secure the root user? (Select the BEST answer.)
A solutions architect is reviewing the security of an AWS account. The architect notices that the AWS account root user has been used recently to perform administrative tasks. What should the architect recommend to secure the root user? (Select the BEST answer.)
Answer options:
A.
Delete the root user and create an IAM user with AdministratorAccess.
B.
Enable multi-factor authentication (MFA) on the root user, create an IAM admin user for daily tasks, and lock away the root user credentials.
C.
Attach an IAM policy to the root user that denies all actions except billing access.
D.
Generate access keys for the root user and use them in a secure bastion host.
How to approach this question
Recall AWS best practices for the root user: MFA, do not use for daily tasks, do not generate access keys.
Full Answer
B.Enable multi-factor authentication (MFA) on the root user, create an IAM admin user for daily tasks, and lock away the root user credentials.✓ Correct
Enable multi-factor authentication (MFA) on the root user, create an IAM admin user for daily tasks, and lock away the root user credentials.
The root user has unrestricted access to all resources in the AWS account. Best practice is to enable MFA, create an IAM user with administrative privileges for everyday tasks, and securely store the root user credentials, using them only for specific tasks that require root access.
Common mistakes
Believing the root user can be deleted or restricted via IAM policies.
Practice the full AWS SAA-C03 Practice Exam 1
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02A solutions architect is designing an application that will run on Amazon EC2 instances. The appl...EasyQ03A company wants to implement a federated identity solution for its employees to access the AWS Ma...MediumQ04A mobile application needs to access Amazon DynamoDB directly to read user-specific data. The app...HardQ05A company is hosting a web application on Amazon EC2 instances. The application connects to an Am...Medium