Topic 1 Question 168
3 つ選択A company has a few AWS accounts for development and wants to move its production application to AWS. The company needs to enforce Amazon Elastic Block Store (Amazon EBS) encryption at rest current production accounts and future production accounts only. The company needs a solution that includes built-in blueprints and guardrails.
Which combination of steps will meet these requirements?
Use AWS CloudFormation StackSets to deploy AWS Config rules on production accounts.
Create a new AWS Control Tower landing zone in an existing developer account. Create OUs for accounts. Add production and development accounts to production and development OUs, respectively.
Create a new AWS Control Tower landing zone in the company’s management account. Add production and development accounts to production and development OUs. respectively.
Invite existing accounts to join the organization in AWS Organizations. Create SCPs to ensure compliance.
Create a guardrail from the management account to detect EBS encryption.
Create a guardrail for the production OU to detect EBS encryption.
ユーザの投票
コメント(11)
- 正解だと思う選択肢: CDF
When you enable controls on an organizational unit (OU) that is registered with AWS Control Tower, preventive controls apply to all member accounts under the OU, enrolled and unenrolled. Detective controls apply to enrolled accounts only. https://docs.aws.amazon.com/controltower/latest/userguide/controls.html
👍 9God_Is_Love2023/03/15 - 👍 4ExamTopix012023/02/04
- 正解だと思う選択肢: CDF
https://docs.aws.amazon.com/controltower/latest/userguide/controls.html https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-controls.html#ebs-enable-encryption AWS is now transitioning the previous term 'guardrail' new term 'control'.
👍 4Untamables2023/02/10
シャッフルモード