What should the Security Engineer do to provide the highest level of security for the account?
Create a new IAM user that has administrator permissions in the AWS account. Delete the password for the AWS account root user.
Create a new IAM user that has administrator permissions in the AWS account. Modify the permissions for the existing IAM users.
Replace the access key for the AWS account root user. Delete the password for the AWS account root user.
Create a new IAM user that has administrator permissions in the AWS account. Enable multi-factor authentication for the AWS account root user.
Explanations:
While creating a new IAM user with administrator permissions is a good practice, simply deleting the password for the root user is not recommended because it may lock the account out entirely. The root user should remain accessible, but its security should be enhanced with MFA.
Creating a new IAM user with administrator permissions is a good step, but modifying permissions for existing IAM users alone does not enhance the security of the root account. The root user should have MFA enabled and its access minimized, but this option does not address those points.
Replacing the access key for the root user is an improvement, but deleting the password is not practical and may result in losing access to the root account. The root account should be secured using MFA rather than disabling access entirely.
This option is the best practice as it not only involves creating a new IAM user with administrator permissions but also enables multi-factor authentication (MFA) for the root user. This adds an extra layer of security, making it much harder for unauthorized users to gain access to the account.
In my experience, the answer is:
Create a new IAM user that has administrator permissions in the AWS account. Enable multi-factor authentication for the AWS account root user.