AWS Certified Cloud Practitioner

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

Which actions are AWS security best practices for using AWS Identity and Access Management (IAM) to manage an AWS account root user? (Select TWO.)

Real Exam

Community

RRitesh

Set up multi-factor authentication (MFA) for the root user

Remove all IAM policies from the root user

Delete the root user access keys

Use the root user for daily tasks

Assign a read-only access policy to the root user

Explanation:

Explanation

Correct Answers:

A: Set up multi-factor authentication (MFA) for the root user - This is a critical security best practice as MFA adds an extra layer of protection to the root user account, which has full administrative access to all AWS services and resources.
C: Delete the root user access keys - Root user access keys should be deleted because they provide programmatic access with full administrative privileges. Using IAM users with appropriate permissions for programmatic access is much more secure.

Incorrect Answers:

B: Remove all IAM policies from the root user - The root user inherently has full administrative access and cannot have IAM policies removed. It always has complete access to all AWS services and resources.
D: Use the root user for daily tasks - This is a security anti-pattern. The root user should only be used for specific account management tasks that require root-level permissions. Daily tasks should be performed using IAM users with appropriate permissions.
E: Assign a read-only access policy to the root user - This is not possible as the root user cannot have its permissions restricted. It always has full administrative access to the AWS account.

AWS Security Best Practices for Root User:

Powered ByGemini-3 Flash

Loading comments...