Answer-first summary for fast verification
Answer: Create SCPs that restrict actions like creating access keys for the root user, disabling MFA, and using the root user for API calls, while allowing necessary administrative tasks through IAM roles.
Option B is the correct approach as it involves creating targeted SCPs that restrict specific high-risk actions by the root user, enhancing security without completely disabling the root account, which might be needed for certain administrative tasks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You are tasked with implementing Service Control Policies (SCPs) in AWS Organizations to enforce a policy that limits the use of the root account. Describe how you would design and deploy these SCPs, including specific actions or services you would restrict to enhance security.
A
Deploy SCPs that completely disable the root account usage across all accounts.
B
Create SCPs that restrict actions like creating access keys for the root user, disabling MFA, and using the root user for API calls, while allowing necessary administrative tasks through IAM roles.
C
Use SCPs to monitor root account usage without restricting any actions.
D
Disable SCPs and rely on IAM policies to manage root account usage.