Exam AWS-SysOps topic 1 question 882 discussion

Exam question from Amazon's AWS-SysOps

Question #: 882
Topic #: 1

A company is managing multiple AWS accounts using AWS Organizations. One of these accounts is used only for retaining logs in an Amazon S3 bucket. The company wants to make sure that compute resources cannot be used in the account.
How can this be accomplished with the LEAST administrative effort?

A. Apply an IAM policy to all IAM entities in the account with a statement to explicitly deny NotAction: s3:*.
B. Configure AWS Config to terminate compute resources that have been created in the accounts.
C. Configure AWS CloudTrail to block any action where the event source is not s3:amazonaws.com.
D. Update the service control policy on the account to deny the unapproved services.

Show Suggested Answer

Suggested Answer: D 🗳️

by sig at May 13, 2021, 10:21 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.