AWS Certified Cloud Practitioner — Question 14

Which of the following is an AWS best practice for managing an AWS account root user?

Answer options

• A. Keep the root user password with the security team.
• B. Enable multi-factor authentication (MFA) for the root user.
• C. Create an access key for the root user.
• D. Keep the root user password consistent for compliance purposes.

Correct answer: B

Explanation

Enabling multi-factor authentication (MFA) for the root user is a crucial security measure that adds an extra layer of protection against unauthorized access. The other options are not recommended; for instance, storing the password with the security team can lead to potential security issues, and creating an access key for the root user increases the risk of compromise. Keeping the password consistent undermines security best practices, which advocate for strong, unique passwords.