Answer-first summary for fast verification
Answer: Require multi-factor authentication (MFA) for privileged users.
## Explanation **Requiring multi-factor authentication (MFA) for privileged users** is the most effective security measure among the options because: - **MFA adds an extra layer of security** beyond just passwords, making it much harder for attackers to gain unauthorized access - **Privileged users** (administrators, root users, etc.) have the highest level of access and pose the greatest security risk if compromised - **AWS strongly recommends** enabling MFA for all privileged users as a security best practice **Why the other options are incorrect:** - **Removing the root user account** is not possible - the root user account is permanent and cannot be deleted - **Creating an access key for the AWS account root user** is actually a security risk - AWS recommends avoiding using root user access keys - **Creating an access key for each privileged user** doesn't inherently improve security and could increase the attack surface if not properly managed **Best Practice:** Always enable MFA for privileged users and avoid using root user access keys whenever possible.
Author: Ritesh Yadav
Ultimate access to all questions.
Which action should a company take to improve security in its AWS account?
A
Require multi-factor authentication (MFA) for privileged users.
B
Remove the root user account.
C
Create an access key for the AWS account root user.
D
Create an access key for each privileged user.
No comments yet.