A security engineer is defining the controls required to protect the AWS account root user credentials in an AWS Organizations hierarchy. The controls should also limit the impact in case these credentials have been compromised.
Which combination of controls should the security engineer propose? (Choose three.)
A. Apply the following SCP:
B. Apply the following SCP:
C. Enable multi-factor authentication (MFA) for the root user.
D. Set a strong randomized password and store it in a secure location.
E. Create an access key ID and secret access key, and store them in a secure location.
F. Apply the following permissions boundary to the root user:
