AWS Certified Cloud Practitioner — Question 382

A company's information security manager is supervising a move to AWS and wants to ensure that AWS best practices are followed. The manager has concerns about the potential misuse of AWS account root user credentials.

Which of the following is an AWS best practice for using the AWS account root user credentials?

Answer options

• A. Allow only the manager to use the account root user credentials for normal activities.
• B. Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.
• C. Use the account root user credentials only when they alone must be used to perform a required function.
• D. Use the account root user credentials only for the creation of private VPC subnets.

Correct answer: C

Explanation

AWS strongly recommends securing the root user credentials and using them only for the limited number of tasks that explicitly require root-level access. For all other everyday administrative and operational activities, AWS Identity and Access Management (IAM) users or roles with least-privilege permissions should be used instead. Options A, B, and D are incorrect because they suggest using root credentials for tasks that can and should be performed using standard IAM policies.