A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user. How should the Administrator ensure that this is done?
A. Change the root user password by using the AWS CLI routinely.
B. Periodically use the AWS CLI to rotate access keys and secret keys for the root user.
C. Use AWS Trusted Advisor security checks to review the configuration of the root user.
D. Periodically distribute the AWS compliance document from AWS Artifact that governs the root user configuration.
After long research, I also vote for answer C. MFA is also part of root user security and AWS always enforces it. So Trusted Advisor will check whether the root account is enabled for MFA or not.
By using Trusted Advisor security checks, the Administrator can review the configuration of the root user and identify any security best practice violations or misconfigurations. Trusted Advisor will provide recommendations for improving the security posture of the AWS account, including suggestions related to the root user.
Options A and B are not recommended because they involve changing access keys, secret keys, or passwords for the root user, which should be avoided whenever possible. The root user should have limited usage and should not be used for routine activities.
"A SysOps Administrator needs to confirm that security best practices are being followed with the AWS account root user."
-> Trusted Advisor is used for this purpose so answer is C
C. Use AWS Trusted Advisor security checks to review the configuration of the root user.
AWS best practice is to never generate access keys for the root user.
It is C.
Multi-factor authentication on root account (free)
Checks the root account and warns if multi-factor authentication (MFA) is not enabled. For increased security, we recommend that you protect your account by using MFA, which requires a user to enter a unique authentication code from their MFA hardware or virtual device when interacting with the AWS console and associated websites.
C is right because the question is asking for confirmation. B is wrong: you can rotate, but how will you be sure it's done? The only way is Trusted Advisor, to confirm it's been done and that there is no deviation from standards. Well, I may be wrong, but I will choose C :)
C is the correct answer
I've sat and tried to look for some hard and fast answer on many pages on the web.
Then I read the question a few times and it clicked.
"confirm that security best practices are being followed"
The question is not asking what you should do routinely or what will secure the root. It's asking you to confirm that security best PRACTICES (in plural) are being followed.
So you would need Trusted Advisor to point out any area in which best practices are not being followed.