Bird
Raised Fist0
AWScloud~20 mins

Root user vs IAM user in AWS - Practice Questions

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Root User vs IAM User Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Difference in Permissions Between Root User and IAM User

Which statement correctly describes the permission scope of the AWS root user compared to an IAM user?

ABoth root user and IAM users have the same default permissions when created.
BIAM users have full access to all AWS services by default, while the root user has limited permissions.
CThe root user has full unrestricted access to all AWS services and resources by default, while IAM users have permissions only as explicitly granted.
DThe root user can only access billing information, while IAM users manage resources.
Attempts:
2 left
💡 Hint

Think about who created the AWS account and what control they have.

security
intermediate
2:00remaining
Best Practice for Using Root User

Which of the following is the best security practice regarding the AWS root user?

AUse the root user for daily administrative tasks to simplify management.
BCreate IAM users with necessary permissions and avoid using the root user for everyday tasks.
CDisable the root user account to prevent any access.
DShare the root user credentials with all team members for easy access.
Attempts:
2 left
💡 Hint

Consider minimizing risk by limiting use of the most powerful account.

service_behavior
advanced
2:00remaining
Root User Access to Billing Information

Which user type can access the AWS billing and account settings by default?

AOnly the root user has access to billing and account settings by default.
BAll IAM users have access to billing and account settings by default.
CBoth root user and IAM users have billing access by default.
DNeither root user nor IAM users have billing access by default.
Attempts:
2 left
💡 Hint

Think about who owns the account and controls billing.

Architecture
advanced
2:00remaining
IAM User Permissions Scope

Which statement best describes how IAM user permissions are managed in AWS?

AIAM user permissions are granted through policies attached directly to the user or through groups and roles, and they are limited to what is explicitly allowed.
BIAM users automatically inherit all permissions from the root user.
CIAM users have full access to all AWS services unless explicitly denied.
DIAM user permissions cannot be changed once created.
Attempts:
2 left
💡 Hint

Consider how AWS controls access for different users.

Best Practice
expert
2:00remaining
Securing the AWS Root User Account

Which of the following actions is the most effective way to secure the AWS root user account?

AUse the root user account password for all team members to ensure quick access.
BCreate multiple root user accounts for redundancy.
CDisable MFA on the root user account to avoid login issues.
DEnable multi-factor authentication (MFA) on the root user account and store credentials securely offline.
Attempts:
2 left
💡 Hint

Think about adding extra layers of security to the most powerful account.

Practice

(1/5)
1. Which AWS user has full access to all resources and billing information by default?
easy
A. IAM user with admin permissions
B. Federated user
C. IAM user with read-only permissions
D. Root user

Solution

  1. Step 1: Understand AWS user types

    The root user is the original account owner with full control over all AWS services and billing.

  2. Step 2: Compare with IAM users

    IAM users have permissions assigned and do not have full access by default.

  3. Final Answer:

    Root user -> Option D

  4. Quick Check:

    Full access = Root user [OK]
Hint: Root user = full control, IAM users = limited [OK]
Common Mistakes:
  • Confusing IAM admin user with root user
  • Thinking IAM users have full billing access by default
  • Assuming federated users have root privileges
2. Which of the following is the correct way to create an IAM user in AWS Management Console?
easy
A. Use AWS Billing dashboard to add a user
B. Go to IAM > Users > Add user, then set permissions
C. Log in as root user and create a new AWS account
D. Create a new user under AWS Organizations

Solution

  1. Step 1: Locate IAM user creation

    IAM users are created in the IAM service under Users > Add user.

  2. Step 2: Understand permissions assignment

    After adding a user, you assign permissions directly or via groups.

  3. Final Answer:

    Go to IAM > Users > Add user, then set permissions -> Option B

  4. Quick Check:

    IAM user creation = IAM console [OK]
Hint: Create IAM users only in IAM console, not billing or orgs [OK]
Common Mistakes:
  • Trying to create IAM users in Billing dashboard
  • Confusing AWS Organizations with IAM user creation
  • Creating new AWS accounts instead of IAM users
3. If an IAM user tries to delete an S3 bucket but gets an Access Denied error, what is the most likely reason?
medium
A. The IAM user does not have delete permissions for the bucket
B. The root user disabled S3 service
C. The bucket is owned by another AWS account
D. IAM users cannot delete S3 buckets

Solution

  1. Step 1: Check IAM user permissions

    IAM users need explicit permissions to delete S3 buckets; lacking these causes Access Denied.

  2. Step 2: Evaluate other options

    Root user cannot disable S3 service; buckets owned by others can cause issues but usually different errors; IAM users can delete buckets if permitted.

  3. Final Answer:

    The IAM user does not have delete permissions for the bucket -> Option A

  4. Quick Check:

    Access Denied = missing permissions [OK]
Hint: Access Denied usually means missing permission, not service disabled [OK]
Common Mistakes:
  • Assuming root user disables services
  • Believing IAM users cannot delete buckets at all
  • Ignoring bucket ownership issues
4. An administrator accidentally used the root user credentials for daily tasks and now wants to improve security. What should they do to fix this?
medium
A. Create IAM users with appropriate permissions and avoid using root user for daily tasks
B. Delete the root user and use only IAM users
C. Share root user credentials with team members for convenience
D. Disable MFA on root user to simplify login

Solution

  1. Step 1: Understand root user best practices

    Root user should be used only for account setup and billing, not daily tasks.

  2. Step 2: Implement IAM users for daily work

    Create IAM users with limited permissions for daily tasks to improve security.

  3. Final Answer:

    Create IAM users with appropriate permissions and avoid using root user for daily tasks -> Option A

  4. Quick Check:

    Use IAM users daily, root only for emergencies [OK]
Hint: Use IAM users daily; keep root user locked down [OK]
Common Mistakes:
  • Trying to delete root user (impossible)
  • Sharing root credentials widely
  • Disabling MFA on root user
5. A company wants to restrict billing access to only the root user but allow IAM users to manage resources. Which AWS best practice should they follow?
hard
A. Create IAM users with billing permissions and avoid using root user
B. Grant all IAM users full admin access including billing
C. Use the root user only for billing and create IAM users with resource permissions
D. Disable root user and use IAM users for all tasks

Solution

  1. Step 1: Understand billing access control

    Billing access is sensitive and should be limited to the root user for security.

  2. Step 2: Assign resource management to IAM users

    IAM users should have permissions to manage resources but not billing.

  3. Final Answer:

    Use the root user only for billing and create IAM users with resource permissions -> Option C

  4. Quick Check:

    Billing = root only; resource management = IAM users [OK]
Hint: Keep billing to root user; IAM users manage resources [OK]
Common Mistakes:
  • Giving IAM users billing permissions unnecessarily
  • Disabling root user (not possible)
  • Granting full admin to all IAM users