nerdexam
Amazon

PAS-C01 · Question #120

A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement, finance, sales, and hum

The correct answer is D. Apply SCPs through AWS Control Tower. Use the AWS Control Tower integrated dashboard to. AWS Control Tower is a service that automates the set-up of a multi-account AWS environment and provides guardrails to help enforce compliance and security best practices. By using AWS Control Tower, the company can apply SCPs to multiple accounts, monitor policies across multipl

Design of SAP Workloads on AWS

Question

A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement, finance, sales, and human resources. An SAP solutions architect has started designing this new landscape and the AWS account structures. The company wants to use automation as much as possible. The company also wants to secure the environment, implement federated access to accounts, centralize logging, and establish cross-account security audits. In addition, the company's management team needs to receive a top-level summary of policies that are applied to the AWS accounts. What should the SAP solutions architect do to meet these requirements?

Options

  • AUse AWS CloudFormation StackSets to apply SCPs to multiple accounts in multiple Regions. Use
  • BUse an AWS Elastic Beanstalk blue/green deployment to create IAM policies and apply them to
  • CImplement guardrails by using AWS CodeDeploy and AWS CodePipeline to deploy SCPs into
  • DApply SCPs through AWS Control Tower. Use the AWS Control Tower integrated dashboard to

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    9% (2)
  • D
    83% (19)

Explanation

AWS Control Tower is a service that automates the set-up of a multi-account AWS environment and provides guardrails to help enforce compliance and security best practices. By using AWS Control Tower, the company can apply SCPs to multiple accounts, monitor policies across multiple accounts, and receive a top-level summary of policies that are applied to the AWS accounts. Additionally, the integrated dashboard of AWS Control Tower can be used to check the applied policies in the accounts. https://aws.amazon.com/blogs/mt/managing-the-multi-account-environment-using-aws- organizations-and-aws-control-tower/

Topics

#AWS Control Tower#Multi-account governance#SCPs#Enterprise security

Community Discussion

No community discussion yet for this question.

Full PAS-C01 Practice