AWS Certified Security – Specialty SCS-C01 – Question114 - AWS Certified Security

While analyzing a company's security solution, a Security Engineer wants to secure the AWS account root user. What should the Security Engineer do to provide the highest level of security for the account?

A. Create a new IAM user that has administrator permissions in the AWS account. Delete the password for the AWS account root user.
B. Create a new IAM user that has administrator permissions in the AWS account. Modify the permissions for the existing IAM users.
C. Replace the access key for the AWS account root user. Delete the password for the AWS account root user.
D. Create a new IAM user that has administrator permissions in the AWS account. Enable multi-factor authentication for the AWS account root user.

Correct Answer: D

Explanation:

Explanation: If you continue to use the root user credentials, we recommend that you follow the security best practice to enable multi-factor authentication (MFA) for your account. Because your root user can perform sensitive operations in your account, adding an additional layer of authentication helps you to better secure your account. Multiple types of MFA are available. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html