🔥 3-day streak
AWS Certified Solutions Architect - Professional118 / 186
Question 118 of 186
A financial services company manages 60 accounts under AWS Organizations with all features enabled. The security team discovered that some workload teams have been performing sensitive actions (such as modifying account-level settings) directly as the account root user. Compliance requires that the root user in every member account be prevented from taking any actions except those absolutely necessary, while normal IAM roles and users continue to operate unaffected. The security team wants a centrally managed, preventive control that applies to all current and future accounts. Which approach BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question