ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 114 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 114
Topic #: 1
[All AWS Certified Security - Specialty Questions]

While analyzing a company's security solution, a Security Engineer wants to secure the AWS account root user.
What should the Security Engineer do to provide the highest level of security for the account?

  • A. Create a new IAM user that has administrator permissions in the AWS account. Delete the password for the AWS account root user.
  • B. Create a new IAM user that has administrator permissions in the AWS account. Modify the permissions for the existing IAM users.
  • C. Replace the access key for the AWS account root user. Delete the password for the AWS account root user.
  • D. Create a new IAM user that has administrator permissions in the AWS account. Enable multi-factor authentication for the AWS account root user.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
If you continue to use the root user credentials, we recommend that you follow the security best practice to enable multi-factor authentication (MFA) for your account. Because your root user can perform sensitive operations in your account, adding an additional layer of authentication helps you to better secure your account. Multiple types of MFA are available.
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
by RaySmith at March 19, 2020, 9:20 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lunamycat
Highly Voted 3 years, 7 months ago
D create IAM admin, MFA for accounts (esp root) and remove programatic keys for root user (not included)
upvoted 20 times
...
ITGURU51
Most Recent 2 years, 1 month ago
MFA is the most efficient way to secure the root account because it is consider an AWS best practice. Another option would be to not use the root account and to create an IAM user with the same admin right as the root account.
upvoted 1 times
...
Ell89
2 years, 2 months ago
Selected Answer: D
D - should only be using the root user for the bare essentials.
upvoted 1 times
...
MungKey
2 years, 8 months ago
A - Not correct, one cannot delete the password for the AWS account root user B - Not correct, does not secure the root user C - Not correct, recommendation is to delete the access keys for root user D - Ok, user with admin to be used instead of root user. Enable MFA for root user
upvoted 2 times
...
Radhaghosh
3 years, 3 months ago
D is correct (AWS Best Practices)
upvoted 1 times
...
kiev
3 years, 6 months ago
D for sure and that makes it full house D
upvoted 3 times
...
Larsson
3 years, 6 months ago
D, delete the access keys and MFA are the common measures iiuc
upvoted 4 times
...
NANDY666
3 years, 6 months ago
D is Correct
upvoted 3 times
...
devjava
3 years, 7 months ago
Ans > D
upvoted 2 times
...
DanMuniz
3 years, 7 months ago
D, MFA enabled in the root account as well.
upvoted 1 times
...
gfhbox0083
3 years, 7 months ago
D, for sure. Enable multi-factor authentication for the AWS account root user.
upvoted 1 times
...
Raj9
3 years, 7 months ago
agreed, D
upvoted 1 times
...
RaySmith
3 years, 7 months ago
D for me
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago