AWS Certified Solutions Architect – Associate (SAA-C03) — Question 752

A company uses AWS to run its ecommerce platform. The platform is critical to the company's operations and has a high volume of traffic and transactions. The company configures a multi-factor authentication (MFA) device to secure its AWS account root user credentials. The company wants to ensure that it will not lose access to the root user account if the MFA device is lost.

Which solution will meet these requirements?

Answer options

• A. Set up a backup administrator account that the company can use to log in if the company loses the MFA device.
• B. Add multiple MFA devices for the root user account to handle the disaster scenario.
• C. Create a new administrator account when the company cannot access the root account.
• D. Attach the administrator policy to another IAM user when the company cannot access the root account.

Correct answer: B

Explanation

AWS allows you to associate multiple MFA devices (up to 8) with the AWS account root user, which provides a reliable backup option if the primary device is lost. Other methods, such as creating new admin accounts or assigning policies, do not restore access to the root user account itself, which is uniquely required for certain sensitive tasks. Additionally, if root access is lost, you cannot perform administrative actions that are exclusive to the root user.