ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 412 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 412
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company wants to ensure that the workloads for each of its business units have complete autonomy and a minimal blast radius in AWS. The Security team must be able to control access to the resources and services in the account to ensure that particular services are not used by the business units.
How can a Solutions Architect achieve the isolation requirements?

  • A. Create individual accounts for each business unit and add the account to an OU in AWS Organizations. Modify the OU to ensure that the particular services are blocked. Federate each account with an IdP, and create separate roles for the business units and the Security team.
  • B. Create individual accounts for each business unit. Federate each account with an IdP and create separate roles and policies for business units and the Security team.
  • C. Create one shared account for the entire company. Create separate VPCs for each business unit. Create individual IAM policies and resource tags for each business unit. Federate each account with an IdP, and create separate roles for the business units and the Security team.
  • D. Create one shared account for the entire company. Create individual IAM policies and resource tags for each business unit. Federate the account with an IdP, and create separate roles for the business units and the Security team.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by dpvnme at Sept. 17, 2019, 9:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dpvnme
Highly Voted 3 years, 9 months ago
This question is made for A.
upvoted 30 times
...
donathon
Highly Voted 3 years, 8 months ago
A The best way is to use SCP and individual account. B: This is difficult to manage. C\D: Does not reduce the blast radius.
upvoted 15 times
...
SkyZeroZx
Most Recent 2 years ago
Selected Answer: A
KEYWORD == AWS Organizations
upvoted 1 times
...
epomatti
2 years, 9 months ago
Selected Answer: A
A no brainer
upvoted 1 times
...
tracyli
2 years, 10 months ago
I choose d, because others are all saying that an idp with each accounts.
upvoted 1 times
...
cldy
3 years, 6 months ago
A. Create individual accounts for each business unit and add the account to an OU in AWS Organizations. Modify the OU to ensure that the particular services are blocked. Federate each account with an IdP, and create separate roles for the business units and the Security team.
upvoted 2 times
...
AzureDP900
3 years, 6 months ago
I'll go with A
upvoted 1 times
...
student22
3 years, 7 months ago
A ---
upvoted 1 times
...
andylogan
3 years, 7 months ago
It's A
upvoted 2 times
...
Shran
3 years, 7 months ago
In question it is specifying security team wants to control resources and services.. from scp you cannot control resources.. so answer should be B
upvoted 1 times
...
victordun
3 years, 7 months ago
A - SCP hidden deliberately, OU and multiaccount strategy is the key to reduce blast radius
upvoted 1 times
...
WhyIronMan
3 years, 7 months ago
I'll go with A
upvoted 1 times
...
Kian1
3 years, 7 months ago
going with A
upvoted 2 times
...
Ebi
3 years, 7 months ago
My answer is A
upvoted 4 times
...
bnagaraja9099
3 years, 7 months ago
Poorly written responses. Even without responses all of us know OU with SCP is the best way to handle it.
upvoted 1 times
...
sanjaym
3 years, 7 months ago
A for sure.
upvoted 1 times
...
Lance_D
3 years, 8 months ago
Ans A is the most sensible choice here
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel