ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 270 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 270
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is expanding. The company plans to separate its resources into hundreds of different AWS accounts in multiple AWS Regions. A solutions architect must recommend a solution that denies access to any operations outside of specifically designated Regions.

Which solution will meet these requirements?

  • A. Create IAM roles for each account. Create IAM policies with conditional allow permissions that include only approved Regions for the accounts.
  • B. Create an organization in AWS Organizations. Create IAM users for each account. Attach a policy to each user to block access to Regions where an account cannot deploy infrastructure.
  • C. Launch an AWS Control Tower landing zone. Create OUs and attach SCPs that deny access to run services outside of the approved Regions.
  • D. Enable AWS Security Hub in each account. Create controls to specify the Regions where an account can deploy infrastructure.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by psyx21 at June 21, 2023, 11:26 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
career360guru
5 months, 2 weeks ago
Selected Answer: C
B is incorrect as it is too difficult to maintain. C is correct answer.
upvoted 2 times
...
Gabehcoud
8 months, 2 weeks ago
my bad, "attach a policy to each user" its a tedious tasks. ignore my previous message.
upvoted 2 times
...
Gabehcoud
8 months, 2 weeks ago
can someone please detail why the answer cannot be B?
upvoted 1 times
joleneinthebackyard
6 months ago
For this type of question (organization and policy for many accounts), we avoid options that require actions on each account/user. There's always better option to set policies at one place.
upvoted 4 times
...
...
NikkyDicky
10 months ago
Selected Answer: C
its a C
upvoted 1 times
...
SmileyCloud
10 months, 1 week ago
Selected Answer: C
AWS Org, Control Tower and SCPs.
upvoted 4 times
...
Alabi
10 months, 1 week ago
Selected Answer: C
C for sure
upvoted 1 times
...
gd1
10 months, 1 week ago
Selected Answer: C
Control Tower with SCP (deny ) solves the issues
upvoted 2 times
...
bhanus
10 months, 2 weeks ago
Selected Answer: C
C is the answer
upvoted 1 times
...
psyx21
10 months, 2 weeks ago
Selected Answer: C
Correct Answer is C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago