Question 13
Domain 2: Security and ComplianceThere is a requirement to grant a DevOps team full administrative access to all resources in an AWS account. Who can grant them these permissions?
Correct answer: A
Explanation
The AWS account owner controls the account and can assign full administrative permissions to a DevOps team. In AWS, administrative access is granted through IAM permissions or by using the root account, which belongs to the account owner and has unrestricted access to all resources.
Why each option is right or wrong
A. AWS account owner.
Under AWS IAM, permissions are assigned by the account’s authorized administrator, and the account root user is the identity with unrestricted control over all resources in that account. AWS documents the root user as one of the account’s unique credential types, and only the account owner can create or delegate an IAM policy granting `AdministratorAccess` across the account; IAM access is governed by policies, not by ACLs or security groups.
B. AWS technical account manager.
C. AWS security team.
D. AWS cloud support engineers.