SAA-C03 Question #520: Real Exam Question with Answer & Explanation

Question

A company has established a new AWS account. The account is newly provisioned and no changes have been made to the default settings. The company is concerned about the security of the AWS account root user. What should be done to secure the root user?

Options

• ACreate IAM users for daily administrative tasks. Disable the root user.
• BCreate IAM users for daily administrative tasks. Enable multi-factor authentication on the root
• CGenerate an access key for the root user. Use the access key for daily administration tasks
• DProvide the root user credentials to the most senior solutions architect. Have the solutions

Explanation

According to the AWS Well-Architected Framework ?Security Pillar and the AWS Identity and Access Management (IAM) User Guide, the root user account in an AWS account is extremely powerful and should be protected with strict security measures. From AWS documentation: "We recommend that you not use the root user for everyday tasks, even administrative ones. Instead, create IAM users and grant them only the permissions they need. To help protect your AWS account, enable multi-factor authentication (MFA) for the root user." The correct and recommended action is to create IAM users with specific permissions for daily operations and enable MFA on the root user to provide an additional layer of security. The root user cannot be disabled, so Option A is technically incorrect. AWS also explicitly advises against using root access keys (Option C) or sharing root credentials (Option D), both of which violate the principle of least privilege. Best practices summarized from AWS official documentation: Do not use root user for routine tasks Enable MFA for root user immediately Create individual IAM users and assign least privilege Avoid creating or using root user access keys

No community discussion yet for this question.