
Answer-first summary for fast verification
Answer: Set up multi-factor authentication (MFA) for the root user, Delete the root user access keys
## Explanation

**Correct Answers:**

- **A: Set up multi-factor authentication (MFA) for the root user** - This is a critical security best practice as MFA adds an extra layer of protection to the root user account, which has full administrative access to all AWS services and resources.
- **C: Delete the root user access keys** - Root user access keys should be deleted because they provide programmatic access with full administrative privileges. Using IAM users with appropriate permissions for programmatic access is much more secure.

**Incorrect Answers:**

- **B: Remove all IAM policies from the root user** - The root user inherently has full administrative access and cannot have IAM policies removed. It always has complete access to all AWS services and resources.
- **D: Use the root user for daily tasks** - This is a security anti-pattern. The root user should only be used for specific account management tasks that require root-level permissions. Daily tasks should be performed using IAM users with appropriate permissions.
- **E: Assign a read-only access policy to the root user** - This is not possible as the root user cannot have its permissions restricted. It always has full administrative access to the AWS account.

**AWS Security Best Practices for Root User:**

- Use MFA for root user
- Don't use root user for daily tasks
- Don't create access keys for root user
- Use IAM users for routine operations
- Regularly monitor root user activity
- Store root user credentials securely
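The root-user checks above (MFA on, no access keys, no routine use) can be verified from the IAM credential report. The following is an added example, not part of the original page or of any AWS tooling; it assumes the CSV layout returned by `aws iam get-credential-report`, where the root user appears as `<root_account>`, and the report below is constructed sample data.

```python
"""Audit the AWS account root user from an IAM credential report (added example)."""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report: a subset of the real report's columns, enough for this check.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111111111111:root,2020-01-01T00:00:00+00:00,not_supported,2024-06-01T09:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,false,N/A
alice,arn:aws:iam::111111111111:user/alice,2021-03-03T00:00:00+00:00,true,2024-06-02T09:00:00+00:00,2024-01-01T00:00:00+00:00,N/A,true,true,2024-01-01T00:00:00+00:00,false,N/A
"""


def audit_root_user(report_csv, now_iso=None, recent_days=30):
    """Return a list of findings for the <root_account> row; an empty list means clean.

    now_iso: optional ISO-8601 timestamp used as "now" (defaults to current UTC time).
    recent_days: a root console sign-in newer than this is flagged as routine use.
    """
    now = datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc)
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return ["root row missing from report"]

    findings = []
    # Best practice A: MFA must be enabled on the root user.
    if root["mfa_active"] != "true":
        findings.append("MFA not enabled for root user")
    # Best practice C: the root user should have no active access keys.
    for slot in ("access_key_1_active", "access_key_2_active"):
        if root[slot] == "true":
            key = slot.replace("_active", "")
            findings.append(f"root {key} is active; delete it")
    # Monitoring: a recent console sign-in suggests the root user is in day-to-day use.
    last_used = root["password_last_used"]
    if last_used not in ("no_information", "N/A", "not_supported", ""):
        if now - datetime.fromisoformat(last_used) < timedelta(days=recent_days):
            findings.append(f"root console sign-in within last {recent_days} days; review why")
    return findings


if __name__ == "__main__":
    for finding in audit_root_user(SAMPLE_REPORT, now_iso="2024-06-10T00:00:00+00:00"):
        print("FINDING:", finding)
```

On a live account, feed the decoded `Content` field of `get-credential-report` to `audit_root_user` instead of the sample.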
Author: Ritesh Yadav
Which actions are AWS security best practices for using AWS Identity and Access Management (IAM) to manage an AWS account root user? (Select TWO.)
A. Set up multi-factor authentication (MFA) for the root user
B. Remove all IAM policies from the root user
C. Delete the root user access keys
D. Use the root user for daily tasks
E. Assign a read-only access policy to the root user