SCS-C02 · Question #430
SCS-C02 Question #430: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #430. The question stem and answer options stay visible for context.
Question
A company uses AWS Organizations to manage a small number of AWS accounts. However, the company plans to add 1,000 more accounts soon. The company allows only a centralized security team to create IAM roles for all AWS accounts and teams. Application teams submit requests for IAM roles to the security team. The security team has a backlog of IAM role requests and cannot review and provision the IAM roles quickly. The security team must create a process that will allow application teams to provision their own IAM roles. The process must also limit the scope of IAM roles and prevent privilege escalation. Which solution will meet these requirements with the LEAST operational overhead?
Options
- ACreate an IAM group for each application team. Associate policies with each IAM group.
- BDelegate application team leads to provision IAM roles for each team. Conduct a quarterly review
- CPut each AWS account in its own OU. Add an SCP to each OU to grant access to only the AWS
- DCreate an SCP and a permissions boundary for IAM roles. Add the SCP to the root OU so that
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.