ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 63 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 63
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has enabled all features for its organization in AWS Organizations. The organization contains 10 AWS accounts. The company has turned on AWS CloudTrail in all the accounts. The company expects the number of AWS accounts in the organization to increase to 500 during the next year. The company plans to use multiple OUs for these accounts.
The company has enabled AWS Config in each existing AWS account in the organization. A DevOps engineer must implement a solution that enables AWS Config automatically for all future AWS accounts that are created in the organization.
Which solution will meet this requirement?

  • A. In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Lambda function that enables trusted access to AWS Config for the organization.
  • B. In the organization's management account, create an AWS CloudFormation stack set to enable AWS Config. Configure the stack set to deploy automatically when an account is created through Organizations.
  • C. In the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Config. Apply the SCP to the root-level OU.
  • D. In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Systems Manager Automation runbook to enable AWS Config for the account.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by alce2020 at April 15, 2023, 4:21 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
thanhnv142
9 months ago
B is correct: The question ask a solution to "enables AWS Config automatically" for all future accounts. In AWS org, to provision or configure resources on other accounts, we use ACF A, C and D: no mention of ACF
upvoted 2 times
thanhnv142
9 months ago
A: trusted access to AWS Config: this is used by other services to access to AWS config, not for account D: enable AWS Config for the account: this means we only activate AWS config for the management account, not the newly created ones
upvoted 1 times
...
...
2pk
12 months ago
B: Details the new feature with enable trusted access to new accounts in any region https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-cloudformation.html
upvoted 1 times
...
hjey0329
1 year, 2 months ago
B https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-sampletemplates.html
upvoted 1 times
...
madperro
1 year, 4 months ago
Selected Answer: B
B is the best solution.
upvoted 1 times
...
samgyeopsal
1 year, 5 months ago
B https://aws.amazon.com/about-aws/whats-new/2020/02/aws-cloudformation-stacksets-introduces-automatic-deployments-across-accounts-and-regions-through-aws-organizations/
upvoted 2 times
...
haazybanj
1 year, 6 months ago
Selected Answer: B
The correct solution to enable AWS Config automatically for all future AWS accounts created in the organization is Option B: In the organization's management account, create an AWS CloudFormation stack set to enable AWS Config. Configure the stack set to deploy automatically when an account is created through Organizations. Option C is incorrect because although it suggests creating an SCP that allows the appropriate AWS Config API calls to enable AWS Config and applying the SCP to the root-level OU, it does not specifically enable AWS Config automatically for all future AWS accounts that are created in the organization.
upvoted 4 times
Olelukoe
10 months, 2 weeks ago
In terms of Option C: SCP can only Deny access, not Allow
upvoted 3 times
...
...
alce2020
1 year, 6 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago