Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 619 discussion

A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified.

Which action meets these requirements?

  • A. Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.
  • B. Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
  • C. Create a service control policy (SCP) that prohibits changes to CloudTrail, and attach it to the developer accounts.
  • D. Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the management account.
Suggested Answer: C

Comments

taustin2
Highly Voted 1 year ago
Selected Answer: C
For Organizations to restrict users in accounts, use an SCP.
upvoted 7 times
Xin123
Highly Voted 1 year ago
Selected Answer: C
Organizations + Restricts = SCP
upvoted 7 times
awsgeek75
Most Recent 8 months, 3 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
upvoted 4 times
awsgeek75
8 months, 2 weeks ago
C is correct but for my sanity I want to know what D is talking about as it makes no sense to me. Can someone explain?
upvoted 2 times
LeonSauveterre
3 months, 2 weeks ago
The "policy condition" mentioned in option D can never be created. A service-linked role is a type of IAM role that is predefined by AWS and tightly integrated with AWS services, allowing AWS services to perform actions on your behalf. However, service-linked roles are not meant to control or restrict user actions, but simply designed for services to function correctly.
upvoted 1 times
TariqKipkemei
10 months ago
Selected Answer: C
Guardrails = service control policy
upvoted 1 times
Ramdi1
12 months ago
Selected Answer: C
C - Use SCP best way
upvoted 4 times
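
An SCP of the kind answer C describes, as an added example that is not part of the original question or comments. The exempt role name, the account ID in the usage, and the helper `scp_permits` are assumptions; the helper is a simplified model of SCP evaluation (explicit deny wins, an allow is required), not AWS's evaluator.

```python
import json
from fnmatch import fnmatchcase

# Assumption: hypothetical role used by the automation that applies the mandatory trail.
EXEMPT_ROLE = "arn:aws:iam::*:role/OrgTrailProvisioner"

# SCP to attach to the developer accounts (or their OU) from the management account.
# SCPs bind every principal in a member account, including its root user.
PROTECT_CLOUDTRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyCloudTrailChanges",
        "Effect": "Deny",
        "Action": [
            "cloudtrail:StopLogging",
            "cloudtrail:DeleteTrail",
            "cloudtrail:UpdateTrail",
            "cloudtrail:PutEventSelectors",
        ],
        "Resource": "*",
        "Condition": {"ArnNotLike": {"aws:PrincipalARN": EXEMPT_ROLE}},
    }],
}
# The default policy that stays attached so everything else remains allowed.
FULL_AWS_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}


def _matches(stmt, action, principal_arn):
    """True if the statement covers this action for this principal."""
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(fnmatchcase(action.lower(), a.lower()) for a in actions):
        return False
    pattern = stmt.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalARN")
    return pattern is None or not fnmatchcase(principal_arn, pattern)


def scp_permits(scps, action, principal_arn):
    """Simplified SCP check: any matching Deny wins, otherwise an Allow is needed."""
    stmts = [s for p in scps for s in p["Statement"]]
    if any(s["Effect"] == "Deny" and _matches(s, action, principal_arn) for s in stmts):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, action, principal_arn) for s in stmts)


if __name__ == "__main__":
    # Print the policy document in the JSON form Organizations expects.
    print(json.dumps(PROTECT_CLOUDTRAIL_SCP, indent=2))
```
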