🔥 3-day streak
AWS Certified CloudOps Engineer - Associate128 / 159
Question 128 of 159

A company manages 40 AWS accounts under AWS Organizations with all features enabled. The security team discovers that some account root users have been used to make configuration changes, violating the company's policy that all administrative work must be performed through federated IAM roles. The team wants a preventive, organization-wide guardrail that blocks any action performed by the root user across all member accounts, without affecting IAM roles or users. Which approach meets this requirement?

Reviewed for accuracy · Report an issueNext question