AWS Certified Security – Specialty (SCS-C02) — Question 13

What are the MOST secure ways to protect the AWS account root user of a recently opened AWS account? (Choose two.)

Answer options

• A. Use the AWS account root user access keys instead of the AWS Management Console.
• B. Enable multi-factor authentication for the AWS IAM users with the AdministratorAccess managed policy attached to them.
• C. Use AWS KMS to encrypt all AWS account root user and AWS IAM access keys and set automatic rotation to 30 days.
• D. Do not create access keys for the AWS account root user; instead, create AWS IAM users.
• E. Enable multi-factor authentication for the AWS account root user.

Correct answer: D, E

Explanation

The correct options, D and E, stress the importance of not using root user access keys and enabling multi-factor authentication for enhanced security. Option A is incorrect because using access keys for the root user increases risk, while option B, although a good practice, does not specifically pertain to securing the root user. Option C does not directly address the root account security adequately.