Exam AWS Certified Solutions Architect - Professional topic 1 question 708 discussion

B. A wrong because "When you create an account, AWS Organizations initially assigns a long (64 characters), complex, randomly generated password to the root user. You can't retrieve this initial password. To access the account as the root user for the first time, you must go through the process for password recovery. "

it is B for me. It makes more sense

B when the master creates a new member account then can switch to it without cross-account trust role (because it will be created automatically)

B for sure - Have had to use this option regularly at work. Would still recommend resetting the password of the root account however.

Not A because an email with password is never sent when creating the account form Orgs

B. As added value I would always want to reset the root password once, set mfa and vault both. If not, email admins can get themselves access in the future.

A is the correct answer. Reason: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html When an invited account joins your organization, you do not automatically have full administrator control over the account, unlike created accounts. If you want the management account to have full administrative control over an invited member account, you must create the OrganizationAccountAccessRole IAM role in the member account and grant permission to the management account to assume the role. When you create an account in your organization instead of inviting an existing account to join, AWS Organizations automatically creates an IAM role (named OrganizationAccountAccessRole by default) that you can use to grant users in the management account administrator access to the created account.

OrganizationAccountAccessRole is keyword here. B is right

B is right answer

B. From the master account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account. Set up the IAM users as required.

When you create a new member account, Organizations sets an initial password for that account that can't be retrieved. To access the account as the root user for the first time, follow these instructions to reset the initial password. https://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/

The correct option is A. Please see read the below link for the reference. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html

It's B

Im for B, in Neal Davis we practice this often on labs

BBB ---

Answer is B

I'll go with B https://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/