Explanation

Correct Answers:

• A: Set up multi-factor authentication (MFA) for the root user - This is a critical security best practice as MFA adds an extra layer of protection to the root user account, which has full administrative access to all AWS services and resources.
• C: Delete the root user access keys - Root user access keys should be deleted because they provide programmatic access with full administrative privileges. Using IAM users with appropriate permissions for programmatic access is much more secure.

Incorrect Answers:

• B: Remove all IAM policies from the root user - The root user inherently has full administrative access and cannot have IAM policies removed. It always has complete access to all AWS services and resources.
• D: Use the root user for daily tasks - This is a security anti-pattern. The root user should only be used for specific account management tasks that require root-level permissions. Daily tasks should be performed using IAM users with appropriate permissions.
• E: Assign a read-only access policy to the root user - This is not possible as the root user cannot have its permissions restricted. It always has full administrative access to the AWS account.

AWS Security Best Practices for Root User:

• Use MFA for root user
• Don't use root user for daily tasks
• Don't create access keys for root user
• Use IAM users for routine operations
• Regularly monitor root user activity
• Store root user credentials securely