Exam AWS Certified Solutions Architect - Professional topic 1 question 492 discussion

A large global financial services company has multiple business units. The company wants to allow Developers to try new services, but there are multiple compliance requirements for different workloads. The Security team is concerned about the access strategy for on-premises and AWS implementations. They would like to enforce governance for AWS services used by business teams for regulatory workloads, including Payment Card Industry (PCI) requirements.
Which solution will address the Security team's concerns and allow the Developers to try new services?

  • A. Implement a strong identity and access management model that includes users, groups, and roles in various AWS accounts. Ensure that centralized AWS CloudTrail logging is enabled to detect anomalies. Build automation with AWS Lambda to tear down unapproved AWS resources for governance.
  • B. Build a multi-account strategy based on business units, environments, and specific regulatory requirements. Implement SAML-based federation across all AWS accounts with an on-premises identity store. Use AWS Organizations and build organizational units (OUs) structure based on regulations and service governance. Implement service control policies across OUs.
  • C. Implement a multi-account strategy based on business units, environments, and specific regulatory requirements. Ensure that only PCI-compliant services are approved for use in the accounts. Build IAM policies to give access to only PCI-compliant services for governance.
  • D. Build one AWS account for the company for strong security controls. Ensure that all the service limits are raised to meet company scalability requirements. Implement SAML federation with an on-premises identity store, and ensure that only approved services are used in the account.
Suggested Answer: B
Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
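
The OU-plus-SCP structure in option B, sketched as an added example that is not part of the original question or of AWS's own code: a simplified model of how service control policies combine down an OU path. The OU names, account names and approved-service list are constructed placeholders (not an authoritative PCI scope list), and the model covers only `Effect` and `Action`, not `Resource`, `Condition`, `NotAction` or SCPs attached directly to an account.

```python
from fnmatch import fnmatchcase

# Constructed OU tree and SCPs; all names and the service list are hypothetical.
FULL_ACCESS = {"Effect": "Allow", "Action": ["*"]}
SCPS = {
    "Root": [FULL_ACCESS],
    "Regulated": [FULL_ACCESS,
                  {"Effect": "Deny", "Action": ["cloudtrail:StopLogging",
                                                "organizations:LeaveOrganization"]}],
    # Allow-list SCP: FullAWSAccess is replaced, so only these services pass.
    "Regulated/PCI": [{"Effect": "Allow",
                       "Action": ["ec2:*", "s3:*", "kms:*", "rds:*"]}],
    # Developers may try new services, but cannot leave the organization.
    "Sandbox": [FULL_ACCESS,
                {"Effect": "Deny", "Action": ["organizations:LeaveOrganization"]}],
}
ACCOUNTS = {"pci-prod": "Regulated/PCI", "dev-sandbox": "Sandbox"}


def _matches(statement, action):
    # Action names are case-insensitive and may contain * wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in statement["Action"])


def ou_path(ou):
    """Expand "Regulated/PCI" to ["Root", "Regulated", "Regulated/PCI"]."""
    parts = ou.split("/")
    return ["Root"] + ["/".join(parts[:i + 1]) for i in range(len(parts))]


def scp_permits(account, action):
    """An action passes only if every level allows it and no level denies it."""
    for level in ou_path(ACCOUNTS[account]):
        statements = SCPS[level]
        if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
            return False, f"explicit Deny at {level}"
        if not any(s["Effect"] == "Allow" and _matches(s, action) for s in statements):
            return False, f"no Allow at {level}"
    return True, "within SCP boundary (an IAM policy must still grant it)"


if __name__ == "__main__":
    for acct, act in [("pci-prod", "s3:GetObject"),
                      ("pci-prod", "sagemaker:CreateNotebookInstance"),
                      ("dev-sandbox", "sagemaker:CreateNotebookInstance"),
                      ("pci-prod", "cloudtrail:StopLogging")]:
        print(acct, act, scp_permits(acct, act))
```

The same action is blocked in the regulated account and permitted in the sandbox account without any per-user IAM change, which is the property that separates option B from option C.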

Comments

donathon
Highly Voted 3 years, 9 months ago
A: Too reactive. The users will still be able to do what they want. B: Sounds feasible. C: SCP should be used because this is multi-account. D: Too restrictive and it does not address Developer’s needs.
upvoted 34 times
...
Moon
Highly Voted 3 years, 9 months ago
My preference is "B". A: stops developers from trying new services. C: does not show the enforcement tool. D: one account contradicts the requirement.
upvoted 28 times
...
SkyZeroZx
Most Recent 2 years ago
Selected Answer: B
go with B => SCP
upvoted 1 times
...
mimadour21698
2 years, 1 month ago
Selected Answer: B
go with B => SCP
upvoted 1 times
...
aandc
3 years ago
go with B
upvoted 1 times
...
cldy
3 years, 7 months ago
B. Build a multi-account strategy based on business units, environments, and specific regulatory requirements. Implement SAML-based federation across all AWS accounts with an on-premises identity store. Use AWS Organizations and build organizational units (OUs) structure based on regulations and service governance. Implement service control policies across OUs.
upvoted 1 times
...
AzureDP900
3 years, 7 months ago
B is suitable for the requirement.
upvoted 2 times
...
acloudguru
3 years, 7 months ago
This is an easy one, hope I can have it in my exam. B
upvoted 1 times
...
Kopa
3 years, 8 months ago
Going for B
upvoted 1 times
...
moon2351
3 years, 8 months ago
Answer is B
upvoted 1 times
...
WhyIronMan
3 years, 8 months ago
I'll go with B
upvoted 2 times
...
Waiweng
3 years, 8 months ago
it's B
upvoted 3 times
...
Kian1
3 years, 8 months ago
going with B
upvoted 2 times
...
Ebi
3 years, 8 months ago
I go with B
upvoted 3 times
...
01037
3 years, 8 months ago
I guess B
Two requirements:
1. The Security team is concerned about the access strategy for on-premises and AWS implementations. → I guess we need to use ID store on premise.
2. They would like to enforce governance for AWS services used by business team for regulatory workloads, including Payment Card Industry (PCI) requirements. → Organization and SCP are needed.
upvoted 3 times
...
T14102020
3 years, 8 months ago
Correct answer is B. AWS organizations and SCP.
upvoted 2 times
...