A company has been using AWS cloud services for six months and has just finished a security review.
Which of the following is considered a best practice in the security pillar of the well-architected framework?

Answer options:

A.Using the root user to create all-new user accounts, at any time
B.Monitoring and using alerts using CloudTrail and CloudWatch
C.Assigning Private IP address ranges to VPCs that do not overlap
D.Designing the system using elasticity to meet changes in demand

Correct Answer: B
Option B is correct. Monitoring and alerting for key metrics and events are the best practices of the Security pillar.
Option A is incorrect. For the root user, you should follow the best practice of using this login only to create another, an initial set of IAM users and groups for longer-term identity management operations.
Option C is incorrect. Non-overlapping Private IP addresses are in the Reliability pillar.
D. Design using elasticity to meet demand is in the Performance Efficiency pillar (Design for Cloud Operations).
References:
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf