A. Setting a strong password for the root user is an essential security measure to prevent unauthorized access.
B. Enabling MFA adds an extra layer of security by requiring an additional authentication factor, such as a code from a mobile app or a hardware token, in addition to the password.
C. Root user access keys should be avoided whenever possible, and it is best to use IAM users with restricted permissions instead.
D. The root user already has unrestricted access to all resources and services in the account, so granting additional administrative permissions could increase the risk of unauthorized actions.
E. Instead, it is recommended to create IAM users with appropriate permissions and use those users for day-to-day operations, while keeping the root user secured and only using it for necessary administrative tasks.
A and B are the correct answers:
Option A: A strong password is always required for any AWS account you create, and should not be shared or stored anywhere as there is always a risk.
Option B: This follows AWS best practice: enabling MFA on your root user provides another layer of security on the account, and unauthorised access will be denied if the user does not have the correct password and MFA.
B. Enabling multi-factor authentication for the root user provides an additional layer of security to ensure that only authorized individuals are able to access the root user account.
E. Applying the required permissions to the root user with an inline policy document ensures that the root user only has the necessary permissions to perform the necessary tasks, and not any unnecessary permissions that could potentially be misused.
E is wrong because you can't attach permissions or policies to the root user.
A is right because MFA alone won't help too much if the password is "123".
The other options are not sufficient to secure the root user access because:
A. A strong password alone is not enough to protect against potential security threats such as phishing or brute force attacks.
C. Storing the root user access keys in an encrypted S3 bucket does not address the root user's authentication process.
D. Adding the root user to a group with administrative permissions does not address the root user's authentication process and does not provide an additional layer of security.
D is wrong because the root user is outside of IAM, thus you can't put him into a group. Also he does not need "administrative permissions" as he has those anyway.
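
The two root-user controls discussed in this thread that can be verified from account data (MFA enabled, no root access keys) appear in the `<root_account>` row of the IAM credential report. The check below is an added example, not part of any comment above; the sample report is constructed, trimmed to the columns used, and the function name is hypothetical.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout.
# A real report carries more columns; only the ones checked are kept here.
SAMPLE_REPORT = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
"""

# The credential report lists the root user under this literal name.
ROOT_USER = "<root_account>"


def root_findings(report_csv):
    """Return the findings for the root row of a credential report (hypothetical helper)."""
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != ROOT_USER:
            continue
        findings = []
        # Option B in the thread: MFA should be active on the root user.
        if row["mfa_active"].strip().lower() != "true":
            findings.append("root: MFA is not enabled")
        # Option C in the thread: root access keys should not exist at all.
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active", "").strip().lower() == "true":
                findings.append(f"root: access key {n} is active")
        return findings
    raise ValueError("no <root_account> row in report")


if __name__ == "__main__":
    for finding in root_findings(SAMPLE_REPORT):
        print(finding)
```

Password strength cannot be read from the report, so option A still has to be enforced when the password is set. A real report is produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, which returns the CSV base64-encoded.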