Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 294 discussion

A company uses an organization in AWS Organizations to manage the company's AWS accounts. The company uses AWS CloudFormation to deploy all infrastructure. A finance team wants to build a chargeback model. The finance team asked each business unit to tag resources by using a predefined list of project values.

When the finance team used the AWS Cost and Usage Report in AWS Cost Explorer and filtered based on project, the team noticed noncompliant project values. The company wants to enforce the use of project tags for new resources.

Which solution will meet these requirements with the LEAST effort?

  • A. Create a tag policy that contains the allowed project tag values in the organization's management account. Create an SCP that denies the cloudformation:CreateStack API operation unless a project tag is added. Attach the SCP to each OU.
  • B. Create a tag policy that contains the allowed project tag values in each OU. Create an SCP that denies the cloudformation:CreateStack API operation unless a project tag is added. Attach the SCP to each OU.
  • C. Create a tag policy that contains the allowed project tag values in the AWS management account. Create an IAM policy that denies the cloudformation:CreateStack API operation unless a project tag is added. Assign the policy to each user.
  • D. Use AWS Service Catalog to manage the CloudFormation stacks as products. Use a TagOptions library to control project tag values. Share the portfolio with all OUs that are in the organization.
Suggested Answer: A

Comments

ayadmawla
Highly Voted 11 months ago
Selected Answer: A
The key to the answer is in the first sentence of A and B. You can create a Tag Policy in the Management Account not OU since the OU is not an "Account" but a target where a policy is applied. Tag Policy is not the same as an SCP. See: https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/
upvoted 7 times
...
bhanus
Highly Voted 1 year, 4 months ago
Selected Answer: A
A is correct BUT I did NOT like the last line in option A. It says "Attach the SCP to each OU". Why should you attach SCP to each OU? Can't you just attach to RootOU so it gets inherited to child OUs?
upvoted 7 times
SmileyCloud
1 year, 4 months ago
The tags are different for each OU.
upvoted 5 times
...
...
Mikado211
Most Recent 12 months ago
Ok this is strange if you do not use this stuff regularly as AWS uses "tag policy" for several different configuration services. You can apply a tag policy on the management account through AWS Organization. If you do it all child OUs will inherit the tag policy. If you do the same "tag policy" on the management account using AWS Resource Groups Tag Editor it will not be inherited. B was a very seductive answer, even chatGPT made a mistake here by defining this answer as good in first occurrence. But considering we use AWS Organization to manage everything, it's clearly an AWS Organization Tag Policy which is used here. So a tag policy applied on the management account will be inherited by the child OUs. Answer is A. AWS terminology can be really bad.
upvoted 1 times
...
ggrodskiy
1 year, 3 months ago
Correct A.
upvoted 1 times
...
NikkyDicky
1 year, 4 months ago
Selected Answer: A
A. tag policy create in management account
upvoted 3 times
...
SkyZeroZx
1 year, 4 months ago
Selected Answer: A
A) in management account for tag policy and SCP, Sounds Good
B) for each account? more overhead
C) IAM for account in cloudformation? is incorrect in this case
D) AWS Service Catalog? why? incorrect
upvoted 2 times
...
SmileyCloud
1 year, 4 months ago
Selected Answer: A
A - Correct. You create an SCP with allowed tags in the root OU and then attach the SCP to all OUs.
upvoted 1 times
...
Jonalb
1 year, 4 months ago
Selected Answer: A
AAAAAAAAAAAAA
upvoted 1 times
...
jubileu84
1 year, 4 months ago
Correct Answer is A
upvoted 1 times
...
SkyZeroZx
1 year, 4 months ago
Selected Answer: A
A) Is correct in the master account of all organization use SCP is less overhead than B
B) is more overhead than A because in each OU create SCP
C) IAM in all account is more overhead
D) is valid but not restrict other options to create with CLI or console the rest service without tags
Then A is correct
upvoted 3 times
...
Jackhemo
1 year, 4 months ago
Selected Answer: A
olabiba.ai says 'A'
upvoted 1 times
...
psyx21
1 year, 4 months ago
Selected Answer: A
Correct Answer is A
upvoted 1 times
...
bmdf
1 year, 4 months ago
Selected Answer: A
What not use SCP?
upvoted 1 times
...