SOA-C02 · Question #61
SOA-C02 Question #61: Real Exam Question with Answer & Explanation
The correct answer is B: Create customer accounts within AWS Organizations specifying consolidated billing features.. AWS Organizations with consolidated billing is the correct approach because it provides account-level isolation (the strongest boundary in AWS) while allowing centralized billing and security policy management through Service Control Policies (SCPs) - exactly what a consulting co
Question
A Big Data consulting company wants to separate its customers' workloads for billing and security reasons. The company would like to maintain billing and security controls on these workloads. According to best practices, how can the workloads be separated if no shared resources are needed?
Options
- ARequire each customer to create their own account. Contact AWS Support to receive a
- BCreate customer accounts within AWS Organizations specifying consolidated billing features.
- CCreate a separate VPC for each customer. Use security groups to isolate traffic.
- DDedicate an AWS Region to each customer. Ensure that each entry in Amazon Route 53 is
Explanation
AWS Organizations with consolidated billing is the correct approach because it provides account-level isolation (the strongest boundary in AWS) while allowing centralized billing and security policy management through Service Control Policies (SCPs) - exactly what a consulting company needs to maintain control over multiple customers' workloads without shared resources.
Why the distractors fail:
- A is impractical and not a best practice - having customers create their own accounts removes the company's ability to maintain billing and security controls, and "contact AWS Support" is a red flag in exam answers.
- C (separate VPCs) is a network-level isolation technique, not account-level; VPCs share the same AWS account, so billing and IAM permissions are still commingled - insufficient for true customer separation.
- D (dedicate a Region per customer) is extremely costly, operationally complex, and not an AWS best practice - Regions are geographic infrastructure zones, not billing or security constructs.
Memory tip: Think of AWS account boundaries as "walls" and VPCs as "rooms within a house." When the question asks for no shared resources plus billing and security controls, you need separate houses (accounts) managed under one landlord (AWS Organizations).
Topics
Community Discussion
No community discussion yet for this question.