ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 668 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 668
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company created a new organization in AWS Organizations. The organization has multiple accounts for the company's development teams. The development team members use AWS IAM Identity Center (AWS Single Sign-On) to access the accounts. For each of the company's applications, the development teams must use a predefined application name to tag resources that are created.

A solutions architect needs to design a solution that gives the development team the ability to create resources only if the application name tag has an approved value.

Which solution will meet these requirements?

  • A. Create an IAM group that has a conditional Allow policy that requires the application name tag to be specified for resources to be created.
  • B. Create a cross-account role that has a Deny policy for any resource that has the application name tag.
  • C. Create a resource group in AWS Resource Groups to validate that the tags are applied to all resources in all accounts.
  • D. Create a tag policy in Organizations that has a list of allowed application names.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by rcptryk at Dec. 2, 2023, 11:45 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
awsgeek75
Highly Voted 9 months, 2 weeks ago
Selected Answer: D
A: Don't think this is possible. B: Cross account role with deny policy? Never seen anything like this C: Resource groups have nothing to do with allowed tags D: Correct https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
upvoted 6 times
...
pentium75
Most Recent 9 months, 3 weeks ago
Selected Answer: D
Other options don't make sense
upvoted 4 times
...
m_y_s
10 months, 2 weeks ago
Selected Answer: D
A tag policy can also specify that noncompliant tagging operations on specified resource types are enforced. In other words, noncompliant tagging requests on specified resource types are prevented from completing.
upvoted 2 times
...
Beshowasfy
10 months, 2 weeks ago
Selected Answer: D
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
upvoted 3 times
...
SHAAHIBHUSHANAWS
10 months, 3 weeks ago
D https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
upvoted 2 times
...
rcptryk
10 months, 3 weeks ago
Selected Answer: D
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago