ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 619 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 619
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

Which action meets these requirements?

  • A. Create an IAM policy that prohibits changes to CloudTrail. and attach it to the root user.
  • B. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
  • C. Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it the developer accounts.
  • D. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the management account.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by taustin2 at Sept. 22, 2023, 11:55 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
taustin2
Highly Voted 1 year, 2 months ago
Selected Answer: C
For Organizations to restrict users in accounts, use an SCP.
upvoted 7 times
...
Xin123
Highly Voted 1 year, 2 months ago
Selected Answer: C
Organizations + Restricts = SCP
upvoted 7 times
...
awsgeek75
Most Recent 11 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
upvoted 4 times
awsgeek75
11 months ago
C is correct but for my sanity I want to know what D is talking about as it makes no sense to me. Can someone explain?
upvoted 2 times
LeonSauveterre
6 months ago
The "policy condition" mentioned in option D can never be created. A service-linked role is a type of IAM role that is predefined by AWS and tightly integrated with AWS services, allowing AWS services to perform actions on your behalf. However, service-linked roles are not meant to control or restrict user actions, but simply designed for services to function correctly.
upvoted 1 times
...
...
...
TariqKipkemei
1 year ago
Selected Answer: C
Guardrails = service control policy
upvoted 1 times
...
Ramdi1
1 year, 2 months ago
Selected Answer: C
C - Use SCP best way
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel