A company has several member accounts that are in an organization in AWS Organizations. The company recently discovered that administrators have been using account root user credentials. The company must prevent the administrators from using root user credentials to perform any actions on Amazon EC2 instances. What should a SysOps administrator do to meet this requirement?

Topic #: - All AWS Certified SysOps Administrator - Associate Questions

A. Create an identity-based IAM policy in each member account to deny actions on EC2 instances by the root user.
B. In the organization’s management account, create a service control policy (SCP) to deny actions on EC2 instances by the root user in all member accounts.
C. Use AWS Config to prevent any actions on EC2 instances by the root user.
D. Use Amazon Inspector in each member account to scan for root user logins and to prevent any actions on EC2 instances by the root user.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion