Correct answer - "It should be accessible by one admin only after enabling Multi-factor
authentication" : If you continue to use the root user credentials, we recommend that you follow
the security best practice to enable multi-factor authentication (MFA) for your account. Because
your root user can perform sensitive operations in your account, adding an additional layer of
authentication helps you to better secure your account. Multiple types of MFA are available.
Incorrect:
"It should be accessible by 3 to 6 members of the IT team" - After one admin as been configured
create an IT group with permissions and assign new users to that group
"It should be accessible using the access_key_id and secret_access_key_id" - This is not possible
via the web console
"It should be accessible by no one, throw away the passwords after creating the account" - You
will still need to store the password somewhere for your root account