Which statement correctly describes the permission scope of the AWS root user compared to an IAM user?
Think about who created the AWS account and what control they have.
The root user is the original account owner with full access to all AWS services and resources. IAM users have no permissions unless assigned.
Which of the following is the best security practice regarding the AWS root user?
Consider minimizing risk by limiting use of the most powerful account.
Using IAM users with specific permissions reduces risk. The root user should be reserved for tasks that require it and protected carefully.
Which user type can access the AWS billing and account settings by default?
Think about who owns the account and controls billing.
The root user owns the AWS account and has default access to billing and account settings. IAM users must be granted explicit permissions to view billing.
Which statement best describes how IAM user permissions are managed in AWS?
Consider how AWS controls access for different users.
IAM users get permissions from policies attached to them, their groups, or roles. They have no permissions by default and only what is explicitly allowed.
Which of the following actions is the most effective way to secure the AWS root user account?
Think about adding extra layers of security to the most powerful account.
Enabling MFA adds a second step to login, making it much harder for attackers to access the root user. Sharing passwords or disabling MFA weakens security.