🔥 3-day streak
AWS Certified Solutions Architect - Professional148 / 186
Question 148 of 186
A financial services company uses AWS Organizations with all features enabled. The security team mandates that no IAM principal in any member account should be able to perform sensitive EC2 termination or RDS deletion actions unless the request is authenticated with multi-factor authentication (MFA). They want this enforced centrally so that even account administrators with broad IAM permissions cannot bypass it. Which approach meets this requirement with the least ongoing operational effort?
Reviewed for accuracy · Report an issueNext question