CLF-C02 Domain 2: Security and Compliance

The AWS root user should be used:

Multiple choice — select one answer

Answer choices

  1. a. Managed network firewall for VPCs, while leaving refresh tokens and OAuth consent grants active pending user callback
  2. b. Shared across the team, without preserving cloud audit logs or hunting mailbox rules and delegate permissions, without security or identity team coordination per policy.
  3. c. Only for tasks that require root credentials
  4. d. Embedded in application code, using password reset alone and deferring session revocation until the next business day

Architectural breakdown & explanation

Create IAM users/roles for daily work; secure root with MFA and minimal use.

Correct answer(s): c. Only for tasks that require root credentials

Exam domain: Domain 2: Security and Compliance (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Cloud Practitioner bank. Run a full timed practice exam with domain-weighted random questions in your browser.