CLF-C02: Which task can only AWS account root user perform

Question

Which task can only an AWS account root user perform?

A. Changing the AWS Support plan
B. Deleting AWS resources
C. Creating an Amazon EC2 instance key pair
D. Configuring AWS WAF

Answer

A. Changing the AWS Support plan

Explanation

The correct answer is A. Changing the AWS Support plan.

The AWS account root user is the email address that you use to sign up for AWS. It has complete and unrestricted access to all the resources and services in your AWS account, including billing, security, and administrative settings. The AWS account root user can perform any task in your AWS account, but some tasks can only be performed by the root user and not by other users or roles. One of these tasks is changing the AWS Support plan.

The AWS Support plan is the level of service and assistance that you receive from AWS. There are four types of AWS Support plans: Basic, Developer, Business, and Enterprise. Each plan offers different benefits and features, such as response times, technical support, case management, and trusted advisor. You can change your AWS Support plan at any time by using the AWS Support Center. However, only the AWS account root user can access the AWS Support Center and change the AWS Support plan. Other users or roles need to have the permission to assume the role of the root user to perform this task.

Option B is incorrect because deleting AWS resources is not a task that can only be performed by the root user. Any user or role that has the necessary permissions can delete AWS resources, such as Amazon EC2 instances, Amazon S3 buckets, or AWS Lambda functions. The permissions are defined by the policies that are attached to the user or role.

Option C is incorrect because creating an Amazon EC2 instance key pair is not a task that can only be performed by the root user. Any user or role that has the necessary permissions can create an Amazon EC2 instance key pair, which is a set of public and private keys that are used to securely connect to an EC2 instance. The permissions are defined by the policies that are attached to the user or role.

Option D is incorrect because configuring AWS WAF is not a task that can only be performed by the root user. Any user or role that has the necessary permissions can configure AWS WAF, which is a web application firewall that protects your web applications from common web exploits. The permissions are defined by the policies that are attached to the user or role.

Therefore, the only task that can only be performed by the AWS account root user among the options is changing the AWS Support plan.

Reference

• Tasks that require root user credentials – AWS Account Management (amazon.com)
• AWS account root user – AWS Identity and Access Management (amazon.com)
• How to Secure AWS Account Root User – Best Practices (securingthe.cloud)
• AWS Account Root User Activity | Trend Micro
• Tasks that require root user credentials – Amazon Account Management (amazonaws.cn)
• python – Check if Root user exist in AWS account – Stack Overflow
• How Do I Find My Aws Root User? (purdylounge.com)
• Sign in to the AWS Management Console as the root user – AWS Sign-In (amazon.com)
• Access an AWS account if the administrator left the company | AWS re:Post (repost.aws)
• Root user – AWS Sign-In (amazon.com)

Amazon AWS Certified Cloud Practitioner certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner exam and earn Amazon AWS Certified Cloud Practitioner certification.