SCS-C02 Question #241: Real Exam Question with Answer & Explanation
The correct answer is C: Create an OU in Organizations, and attach an SCP that controls usage of the root user. Add all.
Question
A security administrator is restricting the capabilities of company root user accounts. The company uses AWS Organizations and has all features enabled. The management account is used for billing and administrative purposes, but it is not used for operational AWS resource purposes. How can the security administrator restrict usage of member root user accounts across the organization?
Options
- A. Disable the use of the root user account at the organizational root. Enable multi-factor
- B. Configure IAM user policies to restrict root account capabilities for each organization member
- C. Create an OU in Organizations, and attach an SCP that controls usage of the root user. Add all
- D. Configure AWS CloudTrail to integrate with Amazon CloudWatch Logs. Create a metric filter for
Explanation
In AWS Organizations, a Service Control Policy (SCP) can be used to restrict the actions of accounts, including root users, across the entire organization or within specific Organizational Units (OUs). By creating an OU and attaching an SCP that limits the root user's capabilities, the security administrator can effectively control the use of root user accounts in all member accounts within that OU. This method provides centralized control and is a best practice for securing root accounts across multiple AWS accounts.
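The following is an added example, not part of the original question or explanation: it builds an SCP that denies all actions to the root user and models which callers the policy would reach once it is attached to an OU. The account IDs are constructed, the Sid and function names are hypothetical, and the matching logic is a simplified model of the one condition used here, not the AWS policy evaluation engine.

```python
import fnmatch
import json

# SCP content: deny every action when the caller is an account's root user.
# The Sid is a label made up for this example.
ROOT_DENY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyRootUser",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
            "StringLike": {"aws:PrincipalArn": ["arn:aws:iam::*:root"]}
        },
    }],
}

def scp_json(policy=ROOT_DENY_SCP):
    """Serialize the policy as the JSON text an SCP is stored as."""
    return json.dumps(policy, indent=2)

def root_condition_matches(policy, principal_arn):
    """Simplified model of the StringLike test on aws:PrincipalArn.
    Not the AWS evaluation engine: Action and Resource are not evaluated."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        patterns = stmt["Condition"]["StringLike"]["aws:PrincipalArn"]
        if any(fnmatch.fnmatchcase(principal_arn, p) for p in patterns):
            return True
    return False

def blocked(policy, ou_accounts, account_id, principal_arn):
    """The SCP only reaches accounts placed in the OU it is attached to."""
    return account_id in ou_accounts and root_condition_matches(policy, principal_arn)

if __name__ == "__main__":
    ou = {"111122223333"}  # constructed member account ID in the OU
    print(scp_json())
    for acct, arn in [
        ("111122223333", "arn:aws:iam::111122223333:root"),
        ("111122223333", "arn:aws:iam::111122223333:role/Admin"),
        ("444455556666", "arn:aws:iam::444455556666:root"),  # not in the OU
    ]:
        result = "denied" if blocked(ROOT_DENY_SCP, ou, acct, arn) else "not denied by this SCP"
        print(arn, "->", result)
```

SCPs do not apply to the management account, so its root user is outside this control and has to be protected separately.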