Exam AWS Certified Solutions Architect - Professional topic 1 question 785 discussion

A company uses AWS Organizations. The company has an organization that has a central management account. The company plans to provision multiple AWS accounts for different departments. All department accounts must be a member of the company's organization.
Compliance requirements state that each account must have only one VPC. Additionally, each VPC must have an identical network security configuration that includes fully configured subnets, gateways, network ACLs, and security groups.
The company wants this security setup to be automatically applied when a new department account is created. The company wants to use the central management account for all security operations, but the central management account should not have the security setup.
Which approach meets these requirements with the LEAST amount of setup?

  • A. Create an OU within the company's organization. Add department accounts to the OU. From the central management account, create an AWS CloudFormation template that includes the VPC and the network security configurations. Create a CloudFormation stack set by using this template file with automated deployment enabled. Apply the CloudFormation stack set to the OU.
  • B. Create a new organization with the central management account. Invite all AWS department accounts into the new organization. From the central management account, create an AWS CloudFormation template that includes the VPC and the network security configurations. Create a CloudFormation stack that is based on this template. Apply the CloudFormation stack to the newly created organization.
  • C. Invite department accounts to the company's organization. From the central management account, create an AWS CloudFormation template that includes the VPC and the network security configurations. Create an AWS CodePipeline pipeline that will deploy the network security setup to the newly created account. Specify the creation of an account as an event hook. Apply the event hook to the pipeline.
  • D. Invite department accounts to the company's organization. From the central management account, create an AWS CloudFormation template that includes the VPC and the network security configurations. Create an AWS Lambda function that will deploy the VPC and the network security setup to the newly created account. Create an event that watches for account creation. Configure the event to invoke the pipeline.
Suggested Answer: A
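
What option A describes, sketched as a CloudFormation template deployed from the management account. This is an added example, not part of the original question or discussion; the stack set name, the `DepartmentOuId` parameter, the resource names and the CIDR ranges are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example: service-managed stack set that auto-deploys a baseline VPC to an OU"
Parameters:
  DepartmentOuId:
    Type: String
    Description: ID of the OU holding the department accounts (assumed parameter)
Resources:
  BaselineNetworkStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: department-baseline-network  # hypothetical name
      PermissionModel: SERVICE_MANAGED  # required for OU targets and auto-deployment
      AutoDeployment:
        Enabled: true  # accounts that join the OU later receive the stack automatically
        RetainStacksOnAccountRemoval: false
      StackInstancesGroup:
        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref DepartmentOuId
          Regions:
            - !Ref AWS::Region
      # Constructed baseline: one resource of each kind the question lists.
      TemplateBody: |
        AWSTemplateFormatVersion: "2010-09-09"
        Resources:
          Vpc:
            Type: AWS::EC2::VPC
            Properties:
              CidrBlock: 10.0.0.0/16
          Subnet:
            Type: AWS::EC2::Subnet
            Properties:
              VpcId: !Ref Vpc
              CidrBlock: 10.0.1.0/24
          Igw:
            Type: AWS::EC2::InternetGateway
          IgwAttachment:
            Type: AWS::EC2::VPCGatewayAttachment
            Properties:
              VpcId: !Ref Vpc
              InternetGatewayId: !Ref Igw
          Nacl:
            Type: AWS::EC2::NetworkAcl
            Properties:
              VpcId: !Ref Vpc
          AppSg:
            Type: AWS::EC2::SecurityGroup
            Properties:
              GroupDescription: Baseline security group
              VpcId: !Ref Vpc
```

A service-managed stack set requires trusted access between CloudFormation StackSets and AWS Organizations to be enabled first. StackSets does not deploy stack instances to the organization's management account, which matches the requirement that the management account stay free of the security setup.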

Comments

Ell89
2 years, 2 months ago
Selected Answer: A
A. C & D mention inviting accounts into the org. It doesn't state anywhere this needs to be done; it says new accounts are to be provisioned. B mentions creating an org, but there already is one. That leaves A by default.
upvoted 3 times
...
asfsdfsdf
2 years, 4 months ago
Selected Answer: A
Only A mentions CF automatic deployment. Also, the organization already has a management account and is about to create new ones ("The organization intends to create many Amazon Web Services accounts for various departments"), so there is no need to invite or create a new org.
upvoted 4 times
...
cannottellname
2 years, 10 months ago
AAAAAA
upvoted 1 times
...
tkanmani76
2 years, 10 months ago
A - https://aws.amazon.com/blogs/aws/new-use-aws-cloudformation-stacksets-for-multiple-accounts-in-an-aws-organization/
upvoted 4 times
tkanmani76
2 years, 10 months ago
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html
upvoted 2 times
...
...
CloudChef
2 years, 10 months ago
https://aws.amazon.com/blogs/security/how-to-use-aws-organizations-to-automate-end-to-end-account-creation/
upvoted 2 times
...
CloudChef
2 years, 10 months ago
B "automated deployment enabled"? Not seeing how this is possible in answer A.
upvoted 2 times
wassb
2 years, 1 month ago
I think it's possible: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-manage-auto-deployment.html
upvoted 1 times
...
...
pititcu667
2 years, 10 months ago
I will go with A, since the AWS organization is already configured. Why make a new one when you can just add an OU?
upvoted 2 times
...
GeniusMikeLiu
2 years, 11 months ago
Why not A?
upvoted 2 times
Tokyoboy
2 years, 10 months ago
Existing accounts have to be invited into the OU.
upvoted 2 times
...
...