ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 119 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 119
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted.

What is the SIMPLEST approach the SysOps administrator can take to ensure S3 buckets in those accounts can never be deleted?

  • A. Set up MFA Delete on all the S3 buckets to prevent the buckets from being deleted.
  • B. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
  • C. Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts.
  • D. Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Liongeek at Nov. 17, 2022, 4:18 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
michaldavid
Highly Voted 2 years, 6 months ago
Selected Answer: B
bbbbbbb
upvoted 6 times
jipark
1 year, 10 months ago
SCP deny user's action
upvoted 3 times
...
...
noircesar25
Most Recent 1 year, 1 month ago
you cant delete a bucket if its not empty. so enable MFA would solve the problem because only the root user can delete objects
upvoted 1 times
Aamee
9 months, 2 weeks ago
The question specifically asks for the production account S3 buckets. The MFA option suggests that it applies to all the buckets regardless of any accounts it currently reside in. Plus, it's not operationally efficient to apply the MFA option across several S3 buckets manually compared to just configure through SCP policy across the Org level and for all Production accounts automatically.
upvoted 1 times
...
...
jipark
1 year, 10 months ago
Selected Answer: B
why not C : assigning IAM group to each user manually is not efficient.
upvoted 3 times
...
Liongeek
2 years, 7 months ago
Ans: B
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel