AWS Certified Cloud Practitioner — Question 551

A user is using AWS account root user credentials to try to close an AWS account that is managed by AWS Organizations. However, the attempt is unsuccessful.

What could cause this attempt to be unsuccessful?

Answer options

• A. No multi-factor authentication (MFA) has been configured.
• B. The root user is not specifically assigned to the administration group.
• C. The root user's password does not meet the minimum password complexity requirements.
• D. The organizational administrator has used a service control policy (SCP) to limit the root user permissions.

Correct answer: D

Explanation

Service control policies (SCPs) in AWS Organizations can restrict permissions for all accounts in an organization, including the root user of member accounts. If an SCP is configured to deny the permission to close an account, the root user will be unable to perform this action. The other options are incorrect because root users are not managed by IAM groups, and MFA status or password complexity rules do not block account closure actions.