ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 124 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 124
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company has hundreds of AWS accounts. The company recently implemented a centralized internal process for purchasing new Reserved Instances and modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement. Previously, business units directly purchased or modified Reserved Instances in their own respective AWS accounts autonomously.

A solutions architect needs to enforce the new process in the most secure way possible.

Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

  • A. Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled.
  • B. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.
  • C. In each AWS account, create an IAM policy that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.
  • D. Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization.
  • E. Ensure that all AWS accounts are part of an organization in AWS Organizations that uses the consolidated billing feature.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by zhangyu20000 at Jan. 16, 2023, 2:19 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
masetromain
Highly Voted 2 years, 5 months ago
Selected Answer: AD
A and D are the correct answer. A: By ensuring all AWS accounts are part of an organization in AWS Organizations, it allows for centralized management and control of the accounts. This can help enforce the new purchasing process by giving a dedicated team the ability to manage and enforce policies across all accounts. D: By creating an SCP (Service Control Policy) that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions, it enforces the new centralized purchasing process. Attaching the SCP to each OU (organizational unit) within the organization ensures that all business units are adhering to the new process. B and C are not the correct answer, because AWS Config and IAM policies are used for monitoring and managing access to resources in an account, respectively. They don't enforce the new process for purchasing reserved instances. E is not the correct answer as this is not related to the new process for purchasing reserved instances.
upvoted 9 times
...
amministrazione
Most Recent 10 months ago
A. Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled. D. Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization.
upvoted 1 times
...
career360guru
1 year, 6 months ago
Selected Answer: AD
A and D
upvoted 1 times
...
atirado
1 year, 6 months ago
A+D achieve the goal of denying access to purchase and to modify Reserved Instances to all OUs. The dedicated team can still perform these actions if they are part of the management account. C, E don't actually do anything, as in, actually control anything at all. B will trigger on the wrong thing to be alarmed about, if triggering an alarm was the goal.
upvoted 1 times
...
dkcloudguru
1 year, 10 months ago
A and D : is the best way
upvoted 1 times
...
NikkyDicky
2 years ago
Selected Answer: AD
AD. A so can use SCP
upvoted 1 times
...
Maria2023
2 years, 1 month ago
Selected Answer: AD
I was not confident about enabling all features because I was messing "features" and "services". Yes - you need to enable all features, otherwise you cannot control the accounts in your organization. The rest is common sense
upvoted 3 times
...
mfsec
2 years, 3 months ago
Selected Answer: AD
AD easy
upvoted 3 times
...
zozza2023
2 years, 5 months ago
Selected Answer: AD
A and D
upvoted 4 times
...
zhangyu20000
2 years, 5 months ago
AD are correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel