ANS-C01 Question #225: Real Exam Question with Answer & Explanation

Submitted by cyberguy42 · Mar 6, 2026 · Network Security, Compliance, and Governance

Question

A company has AWS accounts in an organization in AWS Organizations. The company has implemented Amazon VPC IP Address Manager (IPAM) in its networking AWS account. The company is using AWS Resource Access Manager (AWS RAM) to share IPAM pools with other AWS accounts. The company has created a top-level pool with a CIDR block of 10.0.0.0/8. For each AWS account, the company has created an IPAM pool within the top-level pool. A network engineer needs to implement a solution to ensure that users in each AWS account cannot create new VPCs. The solution also must prevent users from associating a CIDR block with existing VPCs unless the CIDR block is from the IPAM pool for that account. Which solution will meet these requirements?

Options

  • A. Create a new AWS Config rule to find all VPCs that are not configured to allocate their CIDR
  • B. Create a new SCP in Organizations. Add a condition that denies the CreateVpc and
  • C. Create an AWS Lambda function to check for and delete all VPCs that are not configured to
  • D. Create an Amazon EventBridge rule to check for AWS CloudTrail events for the CreateVpc and
