SAP-C02 · Question #128
SAP-C02 Question #128: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #128. The question stem and answer options stay visible for context.
Question
A solutions architect uses AWS Organizations to manage several AWS accounts for a company. The full Organizations feature set is activated for the organization. All production AWS accounts exist under an OU that is named "production" Systems operators have full administrative privileges within these accounts by using IAM roles. The company wants to ensure that security groups in all production accounts do not allow inbound traffic for TCP port 22. All noncompliant security groups must be remediated immediately, and no new rules that allow port 22 can be created. Winch solution will meet these requirements?
Options
- AWrite an SCP that denies the CreateSecurityGroup action with a condition o( ec2:tngress rule
- BConfigure an AWS CloudTrail trail for all accounts Send CloudTrail logs to an Amazon S3 bucket
- CCreate an Amazon EvertBridge (Amazon CloudWatch Events) event bus in the Organizations
- DCreate an AWS CloudFormation template to turn on AWS Config Activate the
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.