ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 433 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 433
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is running its production and nonproduction environment workloads in multiple AWS accounts. The accounts are in an organization in AWS Organizations. The company needs to design a solution that will prevent the modification of cost usage tags.

Which solution will meet these requirements?

  • A. Create a custom AWS Config rule to prevent tag modification except by authorized principals.
  • B. Create a custom trail in AWS CloudTrail to prevent tag modification.
  • C. Create a service control policy (SCP) to prevent tag modification except by authorized principals.
  • D. Create custom Amazon CloudWatch logs to prevent tag modification.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by nosense at May 16, 2023, 12:23 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Guru4Cloud
Highly Voted 1 year ago
Selected Answer: C
Tip: AWS Organziaton + service control policy (SCP) - This for any questions, you see both together. then you tell me C. Create a service control policy (SCP) to prevent tag modification except by authorized principals.
upvoted 7 times
...
awsgeek75
Most Recent 8 months ago
Selected Answer: C
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html AWS example for this question/use case: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.html#example-require-restrict-tag-mods-to-admin
upvoted 3 times
...
james2033
1 year, 1 month ago
Selected Answer: C
D "Amazon CloudWatch" just for logging, not for prevent tag modification https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies-cwe.html Amazon Organziaton has "Service Control Policy (SCP)" with "tag policy" https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html . Choose C. AWS Config for technical stuff, not for tag policies. Not A.
upvoted 4 times
...
TariqKipkemei
1 year, 2 months ago
Selected Answer: C
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
upvoted 2 times
...
alexandercamachop
1 year, 3 months ago
Selected Answer: C
Anytime we need to restrict anything in an AWS Organization, it is SCP Policies.
upvoted 3 times
...
Abrar2022
1 year, 3 months ago
AWS Config is for tracking configuration changes
upvoted 2 times
Abrar2022
1 year, 3 months ago
so it's wrong. Right asnwer is C
upvoted 3 times
...
...
antropaws
1 year, 3 months ago
Selected Answer: C
I'd say C.
upvoted 3 times
...
hiroohiroo
1 year, 3 months ago
Selected Answer: C
https://docs.aws.amazon.com/ja_jp/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.html
upvoted 4 times
...
nosense
1 year, 3 months ago
Selected Answer: C
Denies tag: modify
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago