Topic 1 Question 488
A 4-year-old media company is using the AWS Organizations all features feature set to organize its AWS accounts. According to the company's finance team, the billing information on the member accounts must not be accessible to anyone, including the root user of the member accounts.
Which solution will meet these requirements?
Add all finance team users to an IAM group. Attach an AWS managed policy named Billing to the group.
Attach an identity-based policy to deny access to the billing information to all users, including the root user.
Create a service control policy (SCP) to deny access to the billing information. Attach the SCP to the root organizational unit (OU).
Convert from the Organizations all features feature set to the Organizations consolidated billing feature set.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: C
Service Control Policies (SCP): SCPs are an integral part of AWS Organizations and allow you to set fine-grained permissions on the organizational units (OUs) within your AWS Organization. SCPs provide central control over the maximum permissions that can be granted to member accounts, including the root user.
Denying Access to Billing Information: By creating an SCP and attaching it to the root OU, you can explicitly deny access to billing information for all accounts within the organization. SCPs can be used to restrict access to various AWS services and actions, including billing-related services.
Granular Control: SCPs enable you to define specific permissions and restrictions at the organizational unit level. By denying access to billing information at the root OU, you can ensure that no member accounts, including root users, have access to the billing information.
👍 2LONGMEN2023/05/18 - 正解だと思う選択肢: C
c for me
👍 1nosense2023/05/17 By denying access to billing information at the root OU, you can ensure that no member accounts, including root users, have access to the billing information.
👍 1Abrar20222023/06/04
シャッフルモード