ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 1007 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 1007
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation.

Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Choose three.)

  • A. Create an AWS Config rule in each account to find resources with missing tags.
  • B. Create an SCP in the organization with a deny action for ec2:Runlnstances if the Project tag is missing.
  • C. Use Amazon Inspector in the organization to find resources with missing tags.
  • D. Create an IAM policy in each account with a deny action for ec2:Runlnstances if the Project tag is missing.
  • E. Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.
  • F. Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.
Show Suggested Answer Hide Answer
Suggested Answer: ABE 🗳️
by ggrodskiy at Dec. 1, 2022, 9:20 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pitakk
Highly Voted 2 years, 3 months ago
Selected Answer: ABE
Create Config rule to find resources in all accounts. Aggregate those cross-account findings with Config aggregator so you can see it in one place. Deny ec2:RunInstances with SCP.
upvoted 9 times
...
Sin_Dan
Most Recent 6 months, 1 week ago
Selected Answer: ABE
ABE is the right answer in my opinion. However, I believe this question is missing an option to fix the existing instances, which is one of the requirements here. Also, we don't need both option A and E. Only the method in option E is enough.
upvoted 1 times
...
backbencher2022
8 months, 1 week ago
Selected Answer: BEF
While, there is no confusion that B&E must be selected for this question. The decision to choose between option A & F can easily be taken by understanding the fact that option F (security hub) is easy to configure. Option A requires more effort. They didn't ask for the option with least effort but assume in these exam situation that they would always ask for options which are easy to implement, has less operational overhead, secure and cost efficient. So, B, E and F are the correct options. Check this documentation for more details about Security Hub capability to find missing tags - https://docs.aws.amazon.com/securityhub/latest/userguide/standards-tagging.html
upvoted 1 times
...
Ebi
1 year, 1 month ago
ABE is the correct answer
upvoted 1 times
...
ggrodskiy
1 year, 9 months ago
Correct ABE
upvoted 2 times
...
brfc
2 years, 2 months ago
ABE seems most likely
upvoted 1 times
...
Heer
2 years, 3 months ago
Its ABE with the same explanation
upvoted 3 times
...
Heer
2 years, 3 months ago
BEF ,There are two ask in the question : 1)Find out the list of EC2 instances which are missing tags (Option E and F) 2)Make sure this doesn't happen in the future (Since this is applicable for all the accounts under an organization so SCP seems to be a better option )
upvoted 1 times
MikelH93
1 year, 11 months ago
For F they said "Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag." to its just for listing not action but It would have been good if it had been more detailed
upvoted 1 times
...
...
Vash2303
2 years, 3 months ago
Selected Answer: BEF
B for SCP E & F. config aggregator and display/action using security hub
upvoted 2 times
...
ggrodskiy
2 years, 4 months ago
Correct BDE
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago