AWS Certified Solutions Architect – Associate (SAA-C02) — Question 105

A company has established a new AWS account. The account is newly provisioned and no changed have been made to the default settings. The company is concerned about the security of the AWS account root user.
What should be done to secure the root user?

Answer options

• A. Create IAM users for daily administrative tasks. Disable the root user.
• B. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user.
• C. Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console.
• D. Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of enabling multi-factor authentication (MFA) on the root user to enhance security. Options A and D are inappropriate as they either suggest disabling the root user, which can limit access, or relying on a single individual for security. Option C is also not recommended since using access keys for the root user poses a security risk.