AWS Certified SysOps Administrator – Associate (legacy) — Question 607

Which of the below mentioned options is not a best practice to securely manage the AWS access credentials?

Answer options

• A. Keep rotating your secure access credentials at regular intervals
• B. Create individual IAM users
• C. Create strong access key and secret access key and attach to the root account
• D. Enable MFA for privileged users

Correct answer: C

Explanation

Attaching access keys directly to the AWS root account is a major security risk because the root account has unrestricted access to all resources. AWS best practices strongly recommend locking away the root user credentials and using individual IAM users with least-privilege permissions instead. In contrast, rotating credentials, creating individual IAM users, and enabling MFA are all highly recommended security practices.