ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 355 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 355
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company has multiple AWS accounts in an organization in AWS Organizations. The company is operating its business only in the United States (US) and stores sensitive information in Amazon S3 buckets. Because of the sensitivity of the data, the company wants to block access to S3 buckets that are located in AWS Regions outside the US.

Which SCP should a security engineer use to meet this requirement?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Shriraj32 at Nov. 23, 2022, 4:01 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AdamWest
Highly Voted 2 years, 5 months ago
Selected Answer: B
B - This exam loves the double negatives.
upvoted 11 times
...
Jutt
Most Recent 1 year, 1 month ago
B is the answer, A has "NotAction"
upvoted 1 times
...
Toptip
1 year, 11 months ago
Selected Answer: B
B is the correct answer... took me a while to figure out the A has "NotAction" which is wrong ... though A and B are 100% the same lol
upvoted 1 times
...
Fatoch
2 years ago
I think it's D. Because you should allow S3. S3 should be Allow B says that Deny S3 and All US regions.That's why its wrong answer
upvoted 1 times
...
c73bf38
2 years, 2 months ago
Selected Answer: B
Effect, Action, and StringNotLike
upvoted 1 times
...
Chiquitabandita
2 years, 3 months ago
never mind I found the difference between A and B
upvoted 1 times
...
Chiquitabandita
2 years, 3 months ago
what is the difference between A or B, they look the same.
upvoted 1 times
...
Subs2021
2 years, 4 months ago
Selected Answer: B
Ans: B
upvoted 1 times
...
ryogoku
2 years, 4 months ago
Selected Answer: B
Vote B.
upvoted 1 times
...
AWS_SJ
2 years, 4 months ago
What is the different between A and B? Both looks same, am I missng something?
upvoted 1 times
aj2aj2
2 years, 4 months ago
"NotAction" vs "Action"
upvoted 1 times
...
Teknoklutz
2 years, 4 months ago
NotAction Action
upvoted 1 times
...
Wilson_S
2 years, 4 months ago
Took me a minute too! A contains: “ "NotAction" "s3: *"
upvoted 1 times
...
...
BK__
2 years, 5 months ago
Selected Answer: D
D is the correct answer. Do not follow the popular choice but this official AWS doc https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-deny-region
upvoted 2 times
mcitarella87
2 years, 4 months ago
Good find on the article, however it states - "The NotAction element enables you to list services whose operations (or individual operations) are exempted from this restriction. " so because s3 is not being exempt, the answer is B.
upvoted 2 times
...
...
D2
2 years, 5 months ago
Selected Answer: B
Answer B
upvoted 3 times
...
Shriraj32
2 years, 5 months ago
Selected Answer: B
Going for B.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago