ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 709 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 709
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has an organization in AWS Organizations. The company runs Amazon EC2 instances across four AWS accounts in the root organizational unit (OU). There are three nonproduction accounts and one production account. The company wants to prohibit users from launching EC2 instances of a certain size in the nonproduction accounts. The company has created a service control policy (SCP) to deny access to launch instances that use the prohibited types.

Which solutions to deploy the SCP will meet these requirements? (Choose two.)

  • A. Attach the SCP to the root OU for the organization.
  • B. Attach the SCP to the three nonproduction Organizations member accounts.
  • C. Attach the SCP to the Organizations management account.
  • D. Create an OU for the production account. Attach the SCP to the OU. Move the production member account into the new OU.
  • E. Create an OU for the required accounts. Attach the SCP to the OU. Move the nonproduction member accounts into the new OU.
Show Suggested Answer Hide Answer
Suggested Answer: BE 🗳️
by Andy_09 at Feb. 5, 2024, 5:30 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
anikolov
Highly Voted 1 year, 1 month ago
Selected Answer: BE
My vote is for BE
upvoted 12 times
...
mestule
Highly Voted 1 year, 1 month ago
Selected Answer: BE
I think it's B (directly attach) and E (attach via OU).
upvoted 6 times
...
MatAlves
Most Recent 6 months, 2 weeks ago
Selected Answer: BE
B - Attach the SPC to the three accounts E - Creates an OU > moves the member accounts to OU > attach the SCP to OU "If you apply an authorization policy (for example, a service control policy (SCP)), to the root, it applies to all organizational units (OUs) and member accounts in the organization." "A" would also affect the one production account, which we clearly don't want. You can "attach an SCP to a root, OU, or account"
upvoted 2 times
MatAlves
6 months, 2 weeks ago
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
upvoted 2 times
...
...
sandordini
11 months, 1 week ago
Selected Answer: BE
Only the non-prods need to be limited.
upvoted 4 times
...
67a3f49
1 year, 1 month ago
According to GPT-4 it's AE: A. Attach the SCP to the root OU for the organization. This approach will apply the SCP to all accounts under the organization, including both nonproduction and production accounts. However, without additional context or actions, this does not meet the requirement to exclude the production account from the restrictions. E. Create an OU for the required accounts. Attach the SCP to the OU. Move the nonproduction member accounts into the new OU. This is the correct approach as it directly addresses the requirement. By creating a separate OU for nonproduction accounts and attaching the SCP to this OU, you can specifically target the policy to only those accounts, effectively exempting the production account from the restrictions.
upvoted 1 times
...
1Alpha1
1 year, 1 month ago
Selected Answer: AC
AC - same answer https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
upvoted 1 times
MatAlves
6 months, 2 weeks ago
The link you provided says: "If you apply an authorization policy (for example, a service control policy (SCP)), to the root, it applies to all organizational units (OUs) and member accounts in the organization." "A" would also affect the one production account, which we clearly don't want. You can "attach an SCP to a root, OU, or account" https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
upvoted 2 times
...
...
Cali182
1 year, 1 month ago
Selected Answer: AD
From Chat A. Attach the SCP to the root OU for the organization: Attaching the SCP to the root OU ensures that it applies to all member accounts within the organization, including both nonproduction and production accounts. D. Create an OU for the production account. Attach the SCP to the OU. Move the production member account into the new OU: By creating a separate OU for the production account and attaching the SCP to that OU, you can ensure that the SCP only affects the nonproduction accounts while allowing the production account to operate without restrictions.
upvoted 2 times
...
Andy_09
1 year, 1 month ago
CE should be the correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago