AWS DevOps Engineer Professional DOP-C01 – Question421

Your CTO is very worried about the security of your AWS account. How best can you prevent hackers from completely hijacking your account?

A.
Use short but complex password on the root account and any administrators.
B. Use AWS IAM Geo-Lock and disallow anyone from logging in except for in your city.
C. Use MFA on all users and accounts, especially on the root account.
D. Don't write down or remember the root account password after creating the AWS account.

Correct Answer: C

Explanation:

Explanation:
For increased security, we recommend that you configure multi-factor authentication (MFA) to help protect your AWS resources. MFA adds extra security because it requires users to enter a unique authentication code from an approved authentication device or SMS text message when they access AWS websites or services.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa….