ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS DevOps Engineer Professional All Questions

View all questions & answers for the AWS DevOps Engineer Professional exam
Go to Exam

Exam AWS DevOps Engineer Professional topic 1 question 186 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 186
Topic #: 1
[All AWS DevOps Engineer Professional Questions]

A large company has acquired a small company. The large company has an organization in AWS Organizations. The large company needs to integrate the small company’s single AWS account into the organization with minimal impact to the applications that are deployed in the small company's account.

The large company has deployed AWS Control Tower in its organization and wants to enroll the small company’s account in AWS Control Tower. The large company’s AWS Control Tower configuration includes a security OU, a sandbox OU, and a new destination OU that is set up for the small company's migration. Each company is using AWS Config as part of its account management strategy.

Which combination of steps should a DevOps engineer take lo meet these requirements? (Choose two.)

  • A. Create a landing zone in the security OU of the large company's AWS Control Tower landing zone. Provide the account's email address, the account owners first and last name, and the name of the landing zone created in the security OU to complete the AWS Control Tower Account Factory enrollment request.
  • B. Create and apply SCPs in the destination OU to restrict the types of resources that can be created in the small company’s account. Assess the impact of the applied SCPs on the small company's account. Delete existing SCPs in the small company’s account.
  • C. Create an AWS Config conformance pack that contains the policies that are currently applied to the large company's account. Use AWS Config to assess the impact that enrollment in AWS Control Tower will have on the small company's account. Delete the configuration recorder and delivery channels from the AWS Config settings of the small company's account.
  • D. Enroll the OU of the small company's account in the large company’s AWS Control Tower environment. Specify the destination OU in the large company's AWS Control Tower landing zone as the receiving OU in the request.
  • E. Create an AWSControlTowerExecution role in the small company's account. Provide the account's email address, the account owner's first and last name, and the destination OU to complete the AWS Control Tower Account Factory enrollment request.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by CloudFloater at Feb. 24, 2023, 9:44 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Dgix
1 year, 8 months ago
DE. Alternatives ABC are incorrect.
upvoted 1 times
...
[Removed]
1 year, 10 months ago
Selected Answer: BE
B: Create and apply SCPs in the destination OU to restrict the types of resources that can be created in the small company's account. Assess the impact of the applied SCPs on the small company's account. Delete existing SCPs in the small company’s account.
upvoted 2 times
vn_thanhtung
1 year, 1 month ago
https://docs.aws.amazon.com/controltower/latest/userguide/enroll-account.html#what-happens-during-account-enrollment
upvoted 1 times
...
...
ducluanxutrieu
2 years ago
Selected Answer: CE
EC are correct answers
upvoted 1 times
...
easytoo
2 years, 2 months ago
it's B and it's also E
upvoted 1 times
...
daheck
2 years, 2 months ago
Selected Answer: CE
https://docs.aws.amazon.com/controltower/latest/userguide/enroll-account.html Moreover the question asks for minimal impact to the applications that are deployed in the small company's account. Option B is eventually next step
upvoted 3 times
...
CloudFloater
2 years, 4 months ago
Selected Answer: BE
Agree, BE E - per saeidp aws link, "you must add this role to each account before you enroll it."
upvoted 3 times
...
saeidp
2 years, 4 months ago
Selected Answer: BE
Trusted access is necessary. AWSControlTowerExecution role conducts activities required to manage the small account. Place the account into the OU and Apply all the SCPs that are applied in the current OU
upvoted 4 times
saeidp
2 years, 4 months ago
https://docs.aws.amazon.com/controltower/latest/userguide/enroll-account.html
upvoted 2 times
...
...
CloudFloater
2 years, 4 months ago
Selected Answer: AB
A - company needs to enroll first B - small fish needs to comply with big fish C - not required for enrollment D - there is no OU to enroll E - This role is used for automated operations in AWS Control Tower, such as creating new accounts and setting up guardrails.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel