SCS-C03 · Question #118
SCS-C03 Question #118: Real Exam Question with Answer & Explanation
The correct answer is A: Create an AWS Service Catalog portfolio in the organization's management account. Upload the. AWS Service Catalog is designed to allow organizations to create and manage approved sets of CloudFormation templates, known as products, and make them available to specific accounts or organizational units (OUs). According to the AWS Certified Security - Specialty Study Guide, S
Question
A company is expanding its group of stores. On the day that each new store opens, the company wants to launch a customized web application for that store. Each store's application will have a non-production environment and a production environment. Each environment will be deployed in a separate AWS account. The company uses AWS Organizations and has an OU that is used only for these accounts. The company distributes most of the development work to third-party development teams. A security engineer needs to ensure that each team follows the company's deployment plan for AWS resources. The security engineer also must limit access to the deployment plan to only the developers who need access. The security engineer already has created an AWS CloudFormation template that implements the deployment plan. What should the security engineer do next to meet the requirements in the MOST secure way?
Options
- ACreate an AWS Service Catalog portfolio in the organization's management account. Upload the
- BUse the CloudFormation CLI to create a module from the CloudFormation template. Register the
- CCreate an AWS Service Catalog portfolio in the organization's management account. Upload the
- DUse the CloudFormation CLI to create a module from the CloudFormation template. Register the
Explanation
AWS Service Catalog is designed to allow organizations to create and manage approved sets of CloudFormation templates, known as products, and make them available to specific accounts or organizational units (OUs). According to the AWS Certified Security - Specialty Study Guide, Service Catalog is the preferred governance mechanism for enforcing standardized infrastructure deployments while maintaining strong access controls. By creating a Service Catalog portfolio in the management account and sharing it with a specific OU, the security engineer ensures that only accounts within that OU can deploy the approved CloudFormation template. This guarantees that third-party developers can deploy infrastructure only in accordance with the company's predefined deployment plan, without modifying or directly accessing the template itself.
Community Discussion
No community discussion yet for this question.