Topic 1 Question 228
A security administrator is restricting the capabilities of company root user accounts. The company uses AWS Organizations and has all features enabled. The management account is used for billing and administrative purposes, but it is not used for operational AWS resource purposes.
How can the security administrator restrict usage of member root user accounts across the organization?
Disable the use of the root user account at the organizational root. Enable multi-factor authentication (MFA) of the root user account for each organization member account.
Configure IAM user policies to restrict root account capabilities for each organization member account.
Create an OU in Organizations, and attach an SCP that controls usage of the root user. Add all member accounts to the new OU.
Configure AWS CloudTrail to integrate with Amazon CloudWatch Logs. Create a metric filter for RootAccountUsage.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: C
his approach allows you to centrally manage and enforce restrictions on root user accounts across all member accounts in the organization by using Service Control Policies (SCPs). This ensures that the root user capabilities are consistently controlled and limited according to the organization's security policies.
👍 1Pmktechno2024/12/29
シャッフルモード