Your CTO is very worried about the security of your AWS account. Which of the following options is the most appropriate to prevent hackers from completely hijacking your account?

Answer options:

A.Use a short but complex password on the root account and any administrators.
B.Use AWS IAM Geo-Lock and disallow anyone from logging in except for in your city.
C.Use MFA on all users and accounts, especially on the root account.
D.Delete the root account password as it provides unrestricted access to the AWS resources.

Answer – C
Multi-factor authentication can add one more layer of security to your AWS account. Even when you go to your Security Credentials dashboard, one of the items is to enable MFA on your root account.
Option A is incorrect because you need to have a good password policy.
Option B is incorrect because there is no IAM Geo-Lock feature.
Option D is incorrect because you should delete the root access keys rather than the root account password.
For more information on MFA, please visit the below URL:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html