Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 709 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 709
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has an organization in AWS Organizations. The company runs Amazon EC2 instances across four AWS accounts in the root organizational unit (OU). There are three nonproduction accounts and one production account. The company wants to prohibit users from launching EC2 instances of a certain size in the nonproduction accounts. The company has created a service control policy (SCP) to deny access to launch instances that use the prohibited types.

Which solutions to deploy the SCP will meet these requirements? (Choose two.)

  • A. Attach the SCP to the root OU for the organization.
  • B. Attach the SCP to the three nonproduction Organizations member accounts.
  • C. Attach the SCP to the Organizations management account.
  • D. Create an OU for the production account. Attach the SCP to the OU. Move the production member account into the new OU.
  • E. Create an OU for the required accounts. Attach the SCP to the OU. Move the nonproduction member accounts into the new OU.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by Andy_09 at Feb. 5, 2024, 5:30 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
anikolov
Highly Voted 9 months, 2 weeks ago
Selected Answer: BE
My vote is for BE
upvoted 11 times
...
MatAlves
Most Recent 2 months ago
Selected Answer: BE
B - Attach the SPC to the three accounts E - Creates an OU > moves the member accounts to OU > attach the SCP to OU "If you apply an authorization policy (for example, a service control policy (SCP)), to the root, it applies to all organizational units (OUs) and member accounts in the organization." "A" would also affect the one production account, which we clearly don't want. You can "attach an SCP to a root, OU, or account"
upvoted 1 times
MatAlves
2 months ago
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
upvoted 1 times
...
...
sandordini
6 months, 4 weeks ago
Selected Answer: BE
Only the non-prods need to be limited.
upvoted 3 times
...
67a3f49
9 months ago
According to GPT-4 it's AE: A. Attach the SCP to the root OU for the organization. This approach will apply the SCP to all accounts under the organization, including both nonproduction and production accounts. However, without additional context or actions, this does not meet the requirement to exclude the production account from the restrictions. E. Create an OU for the required accounts. Attach the SCP to the OU. Move the nonproduction member accounts into the new OU. This is the correct approach as it directly addresses the requirement. By creating a separate OU for nonproduction accounts and attaching the SCP to this OU, you can specifically target the policy to only those accounts, effectively exempting the production account from the restrictions.
upvoted 1 times
...
1Alpha1
9 months, 1 week ago
Selected Answer: AC
AC - same answer https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
upvoted 1 times
MatAlves
2 months ago
The link you provided says: "If you apply an authorization policy (for example, a service control policy (SCP)), to the root, it applies to all organizational units (OUs) and member accounts in the organization." "A" would also affect the one production account, which we clearly don't want. You can "attach an SCP to a root, OU, or account" https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
upvoted 1 times
...
...
Cali182
9 months, 2 weeks ago
Selected Answer: AD
From Chat A. Attach the SCP to the root OU for the organization: Attaching the SCP to the root OU ensures that it applies to all member accounts within the organization, including both nonproduction and production accounts. D. Create an OU for the production account. Attach the SCP to the OU. Move the production member account into the new OU: By creating a separate OU for the production account and attaching the SCP to that OU, you can ensure that the SCP only affects the nonproduction accounts while allowing the production account to operate without restrictions.
upvoted 2 times
...
mestule
9 months, 2 weeks ago
Selected Answer: BE
I think it's B (directly attach) and E (attach via OU).
upvoted 4 times
...
Andy_09
9 months, 2 weeks ago
CE should be the correct answer
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel