Topic 1 Question 364

AWS Certified Solutions Architect - Professional

Topic 1 Question 364
A company is managing many AWS accounts by using an organization in AWS Organizations. Different business units in the company run applications on Amazon EC2 instances. All the EC2 instances must have a BusinessUnit tag so that the company can track the cost for each business unit.

A recent audit revealed that some instances were missing this tag. The company manually added the missing tag to the instances.

What should a solutions architect do to enforce the tagging requirement in the future?
- Enable tag policies in the organization. Create a tag policy for the BusinessUnit tag. Ensure that compliance with tag key capitalization is turned off. Implement the tag policy for the ec2:instance resource type. Attach the tag policy to the root of the organization.
- Enable tag policies in the organization. Create a tag policy for the BusinessUnit tag. Ensure that compliance with tag key capitalization is turned on. Implement the tag policy for the ec2:instance resource type. Attach the tag policy to the organization's management account.
- Create an SCP and attach the SCP to the root of the organization. Include the following statement in the SCP:
- Create an SCP and attach the SCP to the organization’s management account. Include the following statement in the SCP:
ユーザの投票
コメント(16)
- 正解だと思う選択肢: C
  Answer is C. To those that are getting confused between a Management Account vs Root of the Organisation here is my two pennies:
  
  Management Account is where you create accounts, management payments, create organisation, etc.
  
  Root of Organisation is where you apply the policies
  
  See: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
  
  👍 6
  ayadmawla2023/12/10
- 正解だと思う選択肢: B
  Tough question -- usually the answer is SCPs but here, it's better to leverage the tag policy and attached it to the management account of the org.
  
  Note the question: "A company is managing many AWS accounts by using an organization in AWS Organizations." So the policy must go to the management account, which isn't the same at the root account.
  
  This exam is 50% technical and 50% reading comprehension apparently....
  
  👍 4
  heatblur2023/11/30
- 正解だと思う選択肢: B
  Answer: B
  
  👍 2
  cypkir2023/11/21
シャッフルモード

ユーザの投票

コメント(16)