ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 488 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 488
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A 4-year-old media company is using the AWS Organizations all features feature set to organize its AWS accounts. According to the company's finance team, the billing information on the member accounts must not be accessible to anyone, including the root user of the member accounts.

Which solution will meet these requirements?

  • A. Add all finance team users to an IAM group. Attach an AWS managed policy named Billing to the group.
  • B. Attach an identity-based policy to deny access to the billing information to all users, including the root user.
  • C. Create a service control policy (SCP) to deny access to the billing information. Attach the SCP to the root organizational unit (OU).
  • D. Convert from the Organizations all features feature set to the Organizations consolidated billing feature set.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by nosense at May 17, 2023, 11:54 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cloudenthusiast
Highly Voted 1 year, 1 month ago
Selected Answer: C
Service Control Policies (SCP): SCPs are an integral part of AWS Organizations and allow you to set fine-grained permissions on the organizational units (OUs) within your AWS Organization. SCPs provide central control over the maximum permissions that can be granted to member accounts, including the root user. Denying Access to Billing Information: By creating an SCP and attaching it to the root OU, you can explicitly deny access to billing information for all accounts within the organization. SCPs can be used to restrict access to various AWS services and actions, including billing-related services. Granular Control: SCPs enable you to define specific permissions and restrictions at the organizational unit level. By denying access to billing information at the root OU, you can ensure that no member accounts, including root users, have access to the billing information.
upvoted 7 times
...
Kiki_Pass
Highly Voted 10 months, 3 weeks ago
but SCP do not apply to the management account (full admin power)?
upvoted 5 times
TwinSpark
1 month, 2 weeks ago
i can understand this information coming from the famous course in udemy. I tought same, but after some research i now think it is a wrong information. "SCPs affect all users and roles in attached accounts, including the root user. The only exceptions are those described in Tasks and entities not restricted by SCPs." https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html#:~:text=SCPs%20affect%20all%20users%20and,affect%20any%20service%2Dlinked%20role.
upvoted 3 times
...
...
potomac
Most Recent 7 months, 3 weeks ago
Selected Answer: C
SCP is for authorization
upvoted 3 times
...
Guru4Cloud
10 months ago
Selected Answer: C
C. Create a service control policy (SCP) to deny access to the billing information. Attach the SCP to the root organizational unit (OU)
upvoted 3 times
...
PRASAD180
11 months, 3 weeks ago
C Crt 100%
upvoted 2 times
...
TariqKipkemei
12 months ago
Selected Answer: C
Service control policy are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines. SCPs are available only in an organization that has all features enabled.
upvoted 4 times
...
Abrar2022
1 year ago
By denying access to billing information at the root OU, you can ensure that no member accounts, including root users, have access to the billing information.
upvoted 2 times
...
nosense
1 year, 1 month ago
Selected Answer: C
c for me
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago