Multiple Choice
A Security Engineer must enforce the use of only Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, and AWS STS in specific accounts. What is a scalable and efficient approach to meet this requirement?
A) Set up an AWS Organizations hierarchy, and replace the FullAWSAccess policy with the following Service Control Policy for the governed organization units: 
B) Create multiple IAM users for the regulated accounts, and attach the following policy statement to restrict services as required: 
C) Set up an Organizations hierarchy, replace the global FullAWSAccess with the following Service Control Policy at the top level: 
D) Set up all users in the Active Directory for federated access to all accounts in the company. Associate Active Directory groups with IAM groups, and attach the following policy statement to restrict services as required: 
Correct Answer:
Verified
Correct Answer:
Verified
Q192: A security engineer has noticed that VPC
Q193: A company's director of information security wants
Q194: A company's development team is designing an
Q195: After multiple compromises of its Amazon EC2
Q196: A company uses user data scripts that
Q198: A security alert has been raised for
Q199: A company needs a forensic-logging solution for
Q200: A company stores data on an Amazon
Q201: A water utility company uses a number
Q202: A public subnet contains two Amazon EC2