AWS Certified Cloud Practitioner — Question 550

A user is using AWS account root user credentials to try to close an AWS account that is managed by AWS Organizations. However, the attempt is unsuccessful.

What could cause this attempt to be unsuccessful?

Answer options

• A. No multi-factor authentication (MFA) has been configured.
• B. The root user is not specifically assigned to the administration group.
• C. The root user's password does not meet the minimum password complexity requirements.
• D. The organizational administrator has used a service control policy (SCP) to limit the root user permissions.

Correct answer: D

Explanation

Service control policies (SCPs) in AWS Organizations can be used to restrict permissions of member accounts, including those of the root user, which can prevent account closure. The root user does not belong to IAM groups, making option B incorrect, while MFA configuration and password complexity do not prevent a logged-in root user from closing an account.