A security engineer is using AWS Organizations and wants to optimize SCPs. The security engineer needs to ensure that the SCPs conform to best practices. Which approach should the security engineer take to meet this requirement?
A.
Use AWS IAM Access Analyzer to analyze the polices. View the findings from policy validation checks.
B.
Review AWS Trusted Advisor checks for all accounts in the organization.
C.
Set up AWS Audit Manager. Run an assessment for all AWS Regions for all accounts.
D.
Ensure that Amazon Inspector agents are installed on all Amazon EC2 instances in all accounts.
It seems IAM Access Analyzer
> This powerful new feature will help you to construct IAM policies and SCPs that take advantage of time-tested AWS best practices.
https://aws.amazon.com/jp/blogs/aws/iam-access-analyzer-update-policy-validation/
You can create AWS IAM Access Analyzer in AWS Organizations as the zone of trust.
https://aws.amazon.com/blogs/aws/new-use-aws-iam-access-analyzer-in-aws-organizations/
No, cuz Trusted Advisor doesn't analyze anything with the SCP level so hence A is correct here.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
bannium
Highly Voted 1 year, 1 month agoRaphaello
Most Recent 10 months agotrashbox
11 months, 3 weeks agoAgboolaKun
1 year, 1 month agopupsik
1 year, 1 month agoahrentom
1 year, 1 month agoAamee
1 year ago