SAP-C02 · Question #844
SAP-C02 Question #844: Real Exam Question with Answer & Explanation
The correct answer is C: Enable AWS Control Tower to set up and govern the multi-account environment. Use blueprints
Question
A company has dozens of AWS accounts for different teams, applications, and environments. The company has defined a custom set of controls that all accounts must have. The company is concerned that potential misconfigurations in the accounts could lead to security issues or noncompliance. A solutions architect must design a solution that deploys the custom controls by using infrastructure as code (IaC) in a repeatable way. Which solution will meet these requirements with the LEAST operational overhead?
Options
- A. Configure AWS Config rules in each account to evaluate the account settings against the custom
- B. Configure AWS Systems Manager associations to remediate configuration issues across
- C. Enable AWS Control Tower to set up and govern the multi-account environment. Use blueprints
- D. Enable AWS Security Hub in all the accounts to aggregate findings in a central administrator
Explanation
AWS Control Tower natively provisions and governs multi-account environments with low ops overhead. With Customizations for AWS Control Tower, you attach your own CloudFormation-based IaC (custom controls, guardrails) that automatically deploys to new and existing accounts via lifecycle events (through EventBridge). This delivers repeatable, centralized enforcement of your controls without building and maintaining your own cross-account remediation framework.