AWS Certified SysOps Administrator – Associate — Question 148

A company's SysOps administrator needs to change the AWS Support plan for one of the company's AWS accounts. The account has multi-factor authentication (MFA) activated, and the MFA device is lost.

What should the SysOps administrator do to sign in?

Answer options

• A. Sign in as a root user by using email and phone verification. Set up a new MFA device. Change the root user password.
• B. Sign in as an IAM user with administrator permissions. Resynchronize the MFA token by using the IAM console.
• C. Sign in as an IAM user with administrator permissions. Reset the MFA device for the root user by adding a new device.
• D. Use the forgot-password process to verify the email address. Set up a new password and MFA device.

Correct answer: A

Explanation

The correct answer is A because signing in as the root user using email and phone verification allows the administrator to bypass MFA and set up a new device. Options B and C are incorrect as they involve IAM users, which don't have the necessary permissions to change the root account settings. Option D is also wrong since it doesn't address the need for MFA access to the root account directly.