Question #879
Which practices are recommended for securing an AWS account root user? (Choose two.)
Store root user access keys for backup purposes.
Use the root user account for regular administrative activities.
Activate multi-factor authentication (MFA) for the root user.
Set up an IAM user with administrator permissions for daily tasks.
Provision additional root users for separate business units.
Explanation
C and D are correct because:
- C: Activating MFA for the root user adds an extra layer of protection against unauthorized access, a core AWS security recommendation.
- D: Using an IAM user with admin permissions for daily tasks reduces reliance on the root user, limiting its exposure to potential risks.
Other options are incorrect:
- A: Root access keys should never be created or stored, as they bypass all IAM policies and pose a severe security risk.
- B: The root user should only perform account-level tasks (e.g., changing billing info), not regular administrative work.
- E: AWS accounts have only one root user; additional root users cannot be provisioned.
Key Points: Always enable MFA for the root user, avoid using it for daily tasks, and use IAM roles/users instead.
Answer
The correct answer is: CD