Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 619 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 619
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

Which action meets these requirements?

  • A. Create an IAM policy that prohibits changes to CloudTrail. and attach it to the root user.
  • B. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
  • C. Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it the developer accounts.
  • D. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the management account.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by taustin2 at Sept. 22, 2023, 11:55 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Xin123
Highly Voted 1 year ago
Selected Answer: C
Organizations + Restricts = SCP
upvoted 6 times
...
taustin2
Highly Voted 1 year ago
Selected Answer: C
For Organizations to restrict users in accounts, use an SCP.
upvoted 6 times
...
awsgeek75
Most Recent 9 months, 1 week ago
Selected Answer: C
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
upvoted 3 times
awsgeek75
8 months, 4 weeks ago
C is correct but for my sanity I want to know what D is talking about as it makes no sense to me. Can someone explain?
upvoted 1 times
...
...
TariqKipkemei
10 months, 3 weeks ago
Selected Answer: C
Guardrails = service control policy
upvoted 1 times
...
Ramdi1
1 year ago
Selected Answer: C
C - Use SCP best way
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel