Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 67 discussion

AE https://aws.amazon.com/blogs/mt/org-aggregator-delegated-admin/ A - When enabling trust - the service-linked role will be created but not the other way around. E - the delegated account will be the account that manages AWS config so it should collect all data centrally.

A - You can enable trusted access using either the AWS Config console or the AWS Organizations console. https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html

AE is the answer AWS Config offers an organization-wide data aggregation capability called the Config organization aggregator. It allows you to collect and view configuration data from all member accounts within your AWS Organization in a single location. This centralizes your view of resource configurations and compliance posture across your entire AWS environment.

A and E are correct: <AWS Config is manually configured in each AWS account> means we dont need ACF (only used for the deployment of AWS config). <centrally configure AWS Config for all accounts> means we need to allow a central account to control AWS config in all member accounts. - <record resource changes to a central account> means we need to collect data from all member accounts and push to the central account B: service-linked role only used for interacting with other AWS services C: no need ACF D: we need AWS Config organization aggregator in the delegated administrator account, not the organization's management account

AE is most correct

Here you have the Tutorial :) https://aws.amazon.com/blogs/mt/org-aggregator-delegated-admin/

https://aws.amazon.com/blogs/mt/org-aggregator-delegated-admin/ https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html

BE is the most efficient

BD is most suitable in this case

The correct answers are B and D. Option B is correct because it suggests configuring a delegated administrator account for AWS Config and creating a service-linked role for AWS Config in the organization’s management account. This allows AWS Config to perform supported operations within the accounts in the organization, and enables trusted access. Option D is correct because it suggests creating an AWS Config organization aggregator in the organization's management account and configuring data collection from all AWS accounts in the organization and from all AWS Regions, which enables multi-account, multi-region data aggregation. Options A and E are not correct because they do not suggest using a service-linked role for AWS Config or creating an AWS Config organization aggregator in the organization's management account.

AE . https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-config.html