A Security Administrator is restricting the capabilities of company root user accounts. The company uses AWS Organizations and has enabled it for all feature sets, including consolidates billing. The top-level account is used for billing and administrative purposes, not for operational AWS resource purposes. How can the Administrator restrict usage of member root user accounts across the organization?
A) Disable the use of the root user account at the organizational root. Enable multi-factor authentication of the root user account for each organizational member account.
B) Configure IAM user policies to restrict root account capabilities for each Organizations member account.
C) Create an organizational unit (OU) in Organizations with a service control policy that controls usage of the root user. Add all operational accounts to the new OU.
D) Configure AWS CloudTrail to integrate with Amazon CloudWatch Logs and then create a metric filter for RootAccountUsage . Configure AWS CloudTrail to integrate with Amazon CloudWatch Logs and then create a metric filter for RootAccountUsage .
Correct Answer:
Verified
Q208: A company has two software development teams
Q209: A company uses AWS Organization to manage
Q210: A company stores data on an Amazon
Q211: A security engineer is defining the controls
Q212: Amazon CloudWatch Logs agent is successfully delivering
Q214: A company website runs on Amazon EC2
Q215: A company is running an application on
Q216: A company is collecting AWS CloudTrail log
Q217: The Development team receives an error message
Q218: A company has a web-based application using
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents