Q45 — AWS SCS-C02 Ch.1

Question 45 of 100 | ← Chapter 1

What are the MOST secure ways to protect the AWS account root user of a recently opened AWS account? (Choose two.)

Correct Answer: D. Do not create access keys for the AWS account root user; instead, create AWS IAM users., E. Enable multi-factor authentication for the AWS account root user.

Explanation

AWS安全最佳实践中,根用户权限最高,需严格保护。AWS官方文档强调根用户应避免使用访问密钥(Access Keys),因其权限过大,存在高风险。D选项遵循此原则,建议通过IAM用户执行日常操作,减少根用户暴露。E选项建议为根用户启用MFA,增加登录验证层次,符合AWS身份验证增强要求。A选项错误,因使用根用户访问密钥违反最小权限原则;B选项针对IAM用户,非根用户;C选项提及加密和轮换,但根用户不应创建访问密钥,故此策略不适用。AWS安全白皮书和IAM最佳实践明确强调根用户MFA和避免访问密钥的必要性。