ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 502 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 502
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company has many member accounts in an organization in AWS Organizations. The company is concerned about the potential for misuse of the AWS account root user credentials for member accounts in the organization. To address this potential misuse, the company wants to ensure that even if the account root user credentials are compromised, the account is still protected.

Which solution will meet this requirement?

  • A. Block service access by using SCPs for the root user.
  • B. Remove the password for the root user.
  • C. Delete access keys for the root user.
  • D. Create an Amazon CloudWatch Events rule to detect any AWS account root user API events.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Mark1000 at June 4, 2023, 7:53 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Mark1000
Highly Voted 1 year, 11 months ago
A https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-root-user
upvoted 5 times
...
Noexperience
Most Recent 1 year, 9 months ago
Selected Answer: C
Access keys are used for programmatic access to AWS services, and they include an access key ID and a secret access key. If these access keys for the root user are compromised, an attacker could potentially gain full control over the account and its resources. By deleting the access keys, you effectively prevent the use of these credentials for unauthorized access.
upvoted 1 times
...
6_8ftwin
1 year, 11 months ago
Selected Answer: A
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
upvoted 3 times
...
sqqz
1 year, 11 months ago
Selected Answer: A
A, scp
upvoted 3 times
...
michele_scar
1 year, 11 months ago
Selected Answer: A
SCP with block for root user -> Security Best Practice
upvoted 2 times
...
PranayF
1 year, 11 months ago
Selected Answer: A
Deleting access keys for the root user doesn't block the console access
upvoted 4 times
...
cloudenthusiast
1 year, 11 months ago
Selected Answer: C
To ensure that even if the account root user credentials are compromised, the account is still protected, the most effective solution is: C. Delete access keys for the root user. By deleting the access keys for the root user, you are effectively disabling programmatic access to the account using the root user credentials. This mitigates the risk of unauthorized API access and helps protect the account from potential misuse.
upvoted 3 times
Green53
1 year, 11 months ago
It the root user credentials are compromised, they can simply recreate the access keys. The SCP ensures that even if someone compromises the root account, they can't access any services.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel