ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 48 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 48
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has chosen AWS to host a new application. The company needs to implement a multi-account strategy. A DevOps engineer creates a new AWS account and an organization in AWS Organizations. The DevOps engineer also creates the OU structure for the organization and sets up a landing zone by using AWS Control Tower.
The DevOps engineer must implement a solution that automatically deploys resources for new accounts that users create through AWS Control Tower Account Factory. When a user creates a new account, the solution must apply AWS CloudFormation templates and SCPs that are customized for the OU or the account to automatically deploy all the resources that are attached to the account. All the OUs are enrolled in AWS Control Tower.
Which solution will meet these requirements in the MOST automated way?

  • A. Use AWS Service Catalog with AWS Control Tower. Create portfolios and products in AWS Service Catalog. Grant granular permissions to provision these resources. Deploy SCPs by using the AWS CLI and JSON documents.
  • B. Deploy CloudFormation stack sets by using the required templates. Enable automatic deployment. Deploy stack instances to the required accounts. Deploy a CloudFormation stack set to the organization’s management account to deploy SCPs.
  • C. Create an Amazon EventBridge rule to detect the CreateManagedAccount event. Configure AWS Service Catalog as the target to deploy resources to any new accounts. Deploy SCPs by using the AWS CLI and JSON documents.
  • D. Deploy the Customizations for AWS Control Tower (CfCT) solution. Use an AWS CodeCommit repository as the source. In the repository, create a custom package that includes the CloudFormation templates and the SCP JSON documents.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by alce2020 at April 15, 2023, 6:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tartarus23
Highly Voted 2 years ago
Selected Answer: D
The CfCT solution is designed for the exact purpose stated in the question. It extends the capabilities of AWS Control Tower by providing you with a way to automate resource provisioning and apply custom configurations across all AWS accounts created in the Control Tower environment. This enables the company to implement additional account customizations when new accounts are provisioned via the Control Tower Account Factory. The CloudFormation templates and SCPs can be added to a CodeCommit repository and will be automatically deployed to new accounts when they are created. This provides a highly automated solution that does not require manual intervention to deploy resources and SCPs to new accounts.
upvoted 9 times
...
madperro
Highly Voted 2 years ago
Selected Answer: D
CfCT is designed for the purpose stated in the question. So D. https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
upvoted 6 times
...
jamesf
Most Recent 11 months, 2 weeks ago
Selected Answer: D
D https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html Customizations for AWS Control Tower (CfCT) helps you customize your AWS Control Tower landing zone and stay aligned with AWS best practices. Customizations are implemented with AWS CloudFormation templates and service control policies (SCPs).
upvoted 1 times
jamesf
11 months, 2 weeks ago
keywords: "sets up a landing zone by using AWS Control Tower"
upvoted 1 times
...
...
Gomer
1 year, 1 month ago
Selected Answer: D
"This CfCT capability is integrated with AWS Control Tower lifecycle events, so that your resource deployments remain synchronized with your landing zone." "For example, when a new account is created through account factory, all resources attached to the account are deployed automatically." "You can deploy the custom templates and policies to individual accounts and organizational units (OUs) within your organization." https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
upvoted 1 times
...
thanhnv142
1 year, 5 months ago
D is correct: Use CfCT is the correct solution: it utilizes both CloudFormation template and SCP A and C: no mention of AWS CloudFormation B: No mention of AWS control tower
upvoted 4 times
...
khchan123
1 year, 5 months ago
Selected Answer: D
D. B is wrong because StackSets doesn't deploy stack instances to the organization management account.
upvoted 3 times
...
Bassel
2 years, 1 month ago
Selected Answer: B
B. Deploying CloudFormation stack sets is the most automated way to deploy resources for new accounts created through AWS Control Tower Account Factory. With stack sets, you can define a CloudFormation template and deploy it to multiple accounts automatically. By enabling automatic deployment and deploying stack instances to the required accounts, you can ensure that the resources specified in the CloudFormation templates are automatically provisioned for each account. Additionally, by deploying a CloudFormation stack set to the organization's management account, you can deploy Service Control Policies (SCPs) across all accounts in the organization.
upvoted 2 times
...
youonebe
2 years, 1 month ago
Customizations for AWS Control Tower combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices. You can easily add customizations to your AWS Control Tower landing zone using an AWS CloudFormation template and service control policies (SCPs). You can deploy the custom template and policies to individual accounts and organizational units (OUs) within your organization. It also integrates with AWS Control Tower lifecycle events to ensure that resource deployments stay in sync with your landing zone. For example, when a new account is created using the AWS Control Tower account factory, Customizations for AWS Control Tower ensures that all resources attached to the account's OUs will be automatically deployed.
upvoted 2 times
...
haazybanj
2 years, 2 months ago
Selected Answer: D
D is it
upvoted 2 times
...
alce2020
2 years, 2 months ago
Selected Answer: D
D it is
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel