Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 293 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02

Question #: 293
Topic #: 1

[All AWS Certified Security - Specialty SCS-C02 Questions]

A company’s developers are using AWS Lambda function URLs to invoke functions directly. The company must ensure that developers cannot configure or deploy unauthenticated functions in production accounts. The company wants to meet this requirement by using AWS Organizations. The solution must not require additional work for the developers.

Which solution will meet these requirements?

A. Require the developers to configure all function URL to support cross-origin resource sharing (CORS) when the functions are called from a different domain.
B. Use an AWS WAF delegated administrator account to view and block unauthenticated access to function URLs in production accounts, based on the OU of accounts that are using the functions.
C. Use SCPs to allow all lambda:CreateFunctionUrlConfig and lambda:UpdateFunctionUrlConfig actions that have a lambda:FunctionUrlAuthType condition key value of AWS_IAM.
D. Use SCPs to deny all lambda:CreateFunctionUrlConfig and lambda:UpdateFunctionUrlConfig actions that have a lambda:FunctionUrlAuthType condition key value of NONE.

Show Suggested Answer

Suggested Answer: D 🗳️

by Pmktechno at Jan. 6, 2025, 1:37 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

rinip86277

1 day, 20 hours ago

Selected Answer: D

I would go with D

upvoted 1 times

...