Practice Test

True/False: The Account Root User can delete a service-linked role.

  • True
  • False

Answer: False

Explanation: While the Account Root User has full permissions, service-linked roles cannot be deleted as they are directly linked to the AWS Service that creates them.

True/False: The Account Root User is the only user who can close an AWS account.

  • True
  • False

Answer: True

Explanation: Closing an AWS account is a task that only the account root user can perform.

In AWS, who can change the account settings?

  • a) Administrator
  • b) Root User
  • c) Both Administrator and Root User

Answer: b) Root User

Explanation: Changing AWS account settings is a task that the root user can perform and the Administrator does not have permissions to change account settings.

Who can access the billing information in AWS?

  • a) IAM User
  • b) Root User
  • c) Both IAM User and Root User

Answer: b) Root User

Explanation: The root user always has access to all resources, including billing information. However, IAM users only have access if the root user grants them.

True/False: The Account Root User has the ability to delete an organization from AWS without deleting the individual accounts in it.

  • True
  • False

Answer: False

Explanation: The root user cannot delete an organization without first deleting the individual AWS accounts associated with it.

The Account Root User is the only entity that can:

  • a) Manage CloudWatch alarms
  • b) Access items in the AWS Billing and Cost Management console
  • c) Modify IAM Roles
  • d) All of the above

Answer: b) Access items in the AWS Billing and Cost Management console

Explanation: While all tasks in AWS could technically be performed by the Root User, only the task of accessing items in the AWS Billing and Cost Management console is exclusive to the Root User.

True/False: The Account Root User can view all user activity in AWS CloudTrail.

  • True
  • False

Answer: True

Explanation: The root user can view all user activity within their AWS account in CloudTrail, including activity by the root user, IAM users, and federated users.

True/False: The Account Root User can restore accidentally deleted EBS volumes.

  • True
  • False

Answer: False

Explanation: While the Root User has a broad range of control, restoring deleted EBS volumes is not something that can be done, even by the Root User.

Only an account root user can ____________

  • a) Create IAM Users
  • b) Register a .gov domain in Route53
  • c) Change the Support Plan
  • d) Both b and c

Answer: d) Both b and c

Explanation: Registering a .gov domain in Route53 and changing the support plan are tasks which only an account root user can perform.

True/False: The Account Root User is tied to a single AWS region.

  • True
  • False

Answer: False

Explanation: The Account Root user has global permissions and is not restricted to a single AWS region.

Who can correct errors with CloudFormation Stacks?

  • a) Administrator
  • b) Root User
  • c) Both Administrator and Root User

Answer: c) Both Administrator and Root User

Explanation: Both the Root and Administrator users can create, update, and delete CloudFormation Stacks in line with their permissions.

True/False: The Account Root User has all the permissions that an Administrator user has, along with additional permissions.

  • True
  • False

Answer: True

Explanation: The Account Root User has full permissions, which includes all the permissions that an Administrator user has along with other exclusive privileges such as managing account settings, managing billing and payment methods, and managing security credentials.

Single/Multiple Select: Who can view account-specific features or services in AWS?

  • a) Root User
  • b) IAM User
  • c) Guests

Answer: a) Root User

Explanation: Account-specific features or services can be viewed by the Root User only. IAM Users only have access to the permissions granted to them by the root user, and Guests do not have any access privileges.

True/False: The Account Root User has the ability to perform service-linked role actions.

  • True
  • False

Answer: True

Explanation: The Account Root User, by default, carries all permissions including the ability to perform actions on service-linked roles.

Is there a task in AWS that the Root User cannot perform?

  • a) Yes
  • b) No

Answer: a) Yes

Explanation: There are certain tasks that even the Root User cannot perform, such as deleting service-linked roles and restoring deleted EBS volumes.

Interview Questions

What is one task that only the AWS account root user can perform?

Only the AWS account root user can close an AWS account.

Can an IAM user change the root user password for an AWS account?

No, only the root user can change the root user password.

Is it possible for an IAM user to restore IAM user access?

No, restoring IAM user access is a task that only the root user can perform.

Can an IAM user change the email address associated with an AWS account?

No, only the account root user can change the email address associated with an AWS account.

Is it possible for an IAM user to manage CloudFront key pairs?

No, only the account root user can manage CloudFront key pairs.

Who has the permission to change the AWS account name?

Only the root user has the permission to change the AWS account name.

Can an IAM user request and manage Public and Private Certificates using the AWS Certificate Management?

No, only the root user can request and manage Public and Private Certificates.

Who is capable of creating and managing AWS Direct Connect connections?

Only the AWS account root user can create and manage AWS Direct Connect connections.

Can an IAM user register an Amazon EC2 EBS-backed instance as a Quick Start?

No, only the AWS account root user can register an Amazon EC2 EBS-backed instance as a Quick Start.

Is it possible for an IAM user to edit or remove the Payment Card Industry Data Security Standard (PCI DSS)?

No, only the account root user can edit or delete the Payment Card Industry Data Security Standard (PCI DSS) settings.

Who can register a developer name for the Amazon Appstore?

Only the account root user can register a developer name for the Amazon Appstore.

Can an IAM user configure and manage AWS Managed Microsoft AD Directory?

No, only the account root user can configure and manage Directory Services for AWS Managed Microsoft AD.

Is it possible for an IAM user to edit the AWS Support plan?

No, only the root user can change the AWS Support plan.

Can an IAM user move an Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance (RI) to a different AWS account?

No, only the root user can move an Amazon EC2 Reserved Instance (RI) to a different AWS account.

Who can create and manage Amazon Route 53 Delegation sets?

Only the root user can create and manage Amazon Route 53 Delegation sets.

Leave a Reply

Your email address will not be published. Required fields are marked *