Topic 1 Question 186
A company is launching an application. The application must use only approved AWS services. The account that runs the application was created less than 1 year ago and is assigned to an AWS Organizations OU.
The company needs to create a new Organizations account structure. The account structure must have an appropriate SCP that supports the use of only services that are currently active in the AWS account. The company will use AWS Identity and Access Management (IAM) Access Analyzer in the solution.
Which solution will meet these requirements?
Create an SCP that allows the services that IAM Access Analyzer identifies. Create an OU for the account. Move the account into the new OU. Attach the new SCP to the new OU. Detach the default FullAWSAccess SCP from the new OU.
Create an SCP that denies the services that IAM Access Analyzer identifies. Create an OU for the account. Move the account into the new OU. Attach the new SCP to the new OU.
Create an SCP that allows the services that IAM Access Analyzer identifies. Attach the new SCP to the organization's root.
Create an SCP that allows the services that IAM Access Analyzer identifies. Create an OU for the account. Move the account into the new OU. Attach the new SCP to the management account. Detach the default FullAWSAccess SCP from the new OU.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: A
It's A. To those who selected D, why would you assign the SCP to the management account??? The application account goes into an OU, and the SCP must be associated with that OU, period!
👍 2d262e672023/12/31 - 正解だと思う選択肢: D
D is correct
👍 1PrasannaBalaji2023/12/29 - 正解だと思う選択肢: D
D is the right answer
👍 1csG132023/12/29
シャッフルモード