SAP-C02 · Question #553
SAP-C02 Question #553: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #553. The question stem and answer options stay visible for context.
Question
A company manages hundreds of AWS accounts centrally in an organization in AWS Organizations. The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs, not on the internet. What is the MOST operationally efficient way to enforce this requirement?
Options
- ASet the S3 access point resource policy to deny the s3:CreateAccessPoint action unless the
- BCreate an SCP at the root level in the organization to deny the s3:CreateAccessPoint action
- CUse AWS CloudFormation StackSets to create a new IAM policy in each AWS account that
- DSet the S3 bucket policy to deny the s3:CreateAccessPoint action unless the
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.