Which actions are best practices for an AWS account root user?
(Choose two.)
Share root user credentials with team members.
Create multiple root users for the account, separated by environment.
Enable multi-factor authentication (MFA) on the root user.
Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user.
Use programmatic access instead of the root user and password.
Explanations:
Sharing root user credentials with team members is highly discouraged as it increases the risk of unauthorized access and potential security breaches. The root user has unrestricted access to all resources in the AWS account.
AWS does not allow the creation of multiple root users for an account. Each AWS account can only have one root user, and best practices recommend minimizing its use to enhance security.
Enabling multi-factor authentication (MFA) on the root user significantly enhances account security by requiring a second form of verification in addition to the password. This helps protect against unauthorized access.
Creating an IAM user with administrator privileges for daily administrative tasks is a best practice. This minimizes the use of the root user, which should only be used for specific account and service management tasks.
While programmatic access is useful, the root user should not be used for programmatic access or API calls. Instead, IAM users or roles should be used, as they provide more granular permissions and better security practices.
I map out that the answer is:
Enable multi-factor authentication (MFA) on the root user.