Multiple Choice
A Security Engineer manages AWS Organizations for a company. The Engineer would like to restrict AWS usage to allow Amazon S3 only in one of the organizational units (OUs) . The Engineer adds the following SCP to the OU: 
The next day, API calls to AWS IAM appear in AWS CloudTrail logs in an account under that OU. How should the Security Engineer resolve this issue?
A) Move the account to a new OU and deny IAM:* permissions.
B) Add a Deny policy for all non-S3 services at the account level.
C) Change the policy to: 
D) Detach the default FullAWSAccess SCP.
Correct Answer:
Verified
Correct Answer:
Verified
Q65: A company is using AWS Organizations to
Q66: An application is running on an Amazon
Q67: A Security Administrator is restricting the capabilities
Q68: A security engineer received an Amazon GuardDuty
Q69: A company uses identity federation to authenticate
Q71: The Development team receives an error message
Q72: A company has a VPC with several
Q73: A large corporation is creating a multi-account
Q74: A security team is responsible for reviewing
Q75: The Security Engineer is managing a traditional