Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 258 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02

Question #: 258
Topic #: 1

[All AWS Certified Security - Specialty SCS-C02 Questions]

A company is using AWS Organizations with the default SCP. The company needs to restrict AWS usage for all AWS accounts that are in a specific OU.

Except for some desired global services, the AWS usage must occur only in the eu-west-1 Region for all accounts in the OU. A security engineer must create an SCP that applies the restriction to existing accounts and any new accounts in the OU.

Which SCP will meet these requirements?

Show Suggested Answer

Suggested Answer: C 🗳️

by Bachhu at Jan. 6, 2025, 2:52 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

fcbflo

1 month, 3 weeks ago

Selected Answer: C

Option C is the correct answer. Here's why: The requirement is to restrict AWS usage to only eu-west-1 region (except for global services). This means we need to: Use "Deny" effect to block access Use "StringNotEquals" condition to deny requests to any region that is NOT eu-west-1 Use "NotAction" to exclude the desired global services from this restriction

upvoted 1 times

...

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 258 discussion

Comments

fcbflo

SY0-701