Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 780 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 780
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company manages multiple AWS accounts by using AWS Organizations. Under the root OU, the company has two OUs: Research and DataOps.
Because of regulatory requirements, all resources that the company deploys in the organization must reside in the ap-northeast-1 Region. Additionally, EC2 instances that the company deploys in the DataOps OU must use a predefined list of instance types.
A solutions architect must implement a solution that applies these restrictions. The solution must maximize operational efficiency and must minimize ongoing maintenance.
Which combination of steps will meet these requirements? (Choose two.)

  • A. Create an IAM role in one account under the DataOps OU. Use the ec2:InstanceType condition key in an inline policy on the role to restrict access to specific instance type.
  • B. Create an IAM user in all accounts under the root OU. Use the aws:RequestedRegion condition key in an inline policy on each user to restrict access to all AWS Regions except ap-northeast-1.
  • C. Create an SCP. Use the aws:RequestedRegion condition key to restrict access to all AWS Regions except ap-northeast-1. Apply the SCP to the root OU.
  • D. Create an SCP. Use the ec2:Region condition key to restrict access to all AWS Regions except ap-northeast-1. Apply the SCP to the root OU, the DataOps OU, and the Research OU.
  • E. Create an SCP. Use the ec2:InstanceType condition key to restrict access to specific instance types. Apply the SCP to the DataOps OU.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️
by Firelord at Dec. 30, 2021, 10:36 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
gsaini
Highly Voted 2 years, 8 months ago
C & E should be right answer.
upvoted 8 times
...
Raphaello
Most Recent 7 months, 2 weeks ago
Selected Answer: CE
Correct answers are C & E
upvoted 1 times
...
janvandermerwer
1 year, 11 months ago
Selected Answer: CE
C - Yes - Apply once to Root OU which will propogate to all accounts "Because of regulatory requirements, ALL resources" E - Yes - Logical remaining answer A - High overhead B - High overhead D - Wrong as you'll need to add the policy multiple times to different OUs, compared to adding once (More operational overhead)
upvoted 1 times
...
gnandam
2 years ago
C& E - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-requested-region.html
upvoted 1 times
...
gondohwe
2 years, 1 month ago
combination of C,E make sense
upvoted 1 times
...
Hasitha99
2 years, 6 months ago
Selected Answer: CE
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_ec2.html)
upvoted 2 times
...
RVivek
2 years, 8 months ago
C & E. B: Wrong . Creating user ccount in each account and adding and in line policy for each account is too much adminstrative work
upvoted 1 times
...
RVivek
2 years, 8 months ago
C & E.
upvoted 1 times
...
Buggie
2 years, 9 months ago
C and E.
upvoted 2 times
...
guruaws2021
2 years, 9 months ago
The answer should be CE here
upvoted 1 times
...
Firelord
2 years, 9 months ago
C & É (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_ec2.html)
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel