AWS Certified Security - Specialty (#135)

What are the MOST secure ways to protect the AWS account root user of a recently opened AWS account? (Choose two.)

Use the AWS account root user access keys instead of the AWS Management Console
Enable multi-factor authentication for the AWS IAM users with the AdministratorAccess managed policy attached to them
Enable multi-factor authentication for the AWS account root user
Use AWS KMS to encrypt all AWS account root user and AWS IAM access keys and set automatic rotation to 30 days
Do not create access keys for the AWS account root user; instead, create AWS IAM users