AWS Certified Security – Specialty — Question 92

While analyzing a company's security solution, a Security Engineer wants to secure the AWS account root user.
What should the Security Engineer do to provide the highest level of security for the account?

Answer options

• A. Create a new IAM user that has administrator permissions in the AWS account. Delete the password for the AWS account root user.
• B. Create a new IAM user that has administrator permissions in the AWS account. Modify the permissions for the existing IAM users.
• C. Replace the access key for the AWS account root user. Delete the password for the AWS account root user.
• D. Create a new IAM user that has administrator permissions in the AWS account. Enable multi-factor authentication for the AWS account root user.

Correct answer: D

Explanation

The correct answer is D because enabling multi-factor authentication (MFA) significantly enhances the security of the AWS account root user by requiring a second form of verification. Options A, B, and C do not address the security of the root user effectively; simply creating a new IAM user or modifying IAM permissions does not provide the same level of protection as implementing MFA.