SAP-C02 · Question #638
SAP-C02 Question #638: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #638. The question stem and answer options stay visible for context.
Question
A company is using multiple AWS accounts and has multiple DevOps teams running production and non-production workloads in these accounts. The company would like to centrally-restrict access to some of the AWS services that the DevOps teams do not use. The company decided to use AWS Organizations and successfully invited all AWS accounts into the Organization. They would like to allow access to services that are currently in-use and deny a few specific services. Also they would like to administer multiple accounts together as a single unit. What combination of steps should the solutions architect take to satisfy these requirements? (Choose three.)
Options
- AUse a Deny list strategy.
- BReview the Access Advisor in AWS IAM to determine services recently used
- CReview the AWS Trusted Advisor report to determine services recently used.
- DRemove the default FullAWSAccess SCP.
- EDefine organizational units (OUs) and place the member accounts in the OUs.
- FRemove the default DenyAWSAccess SCP.
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.