Multiple Choice
A company is in the process of implementing AWS Organizations to constrain its developers to use only Amazon EC2, Amazon S3, and Amazon DynamoDB. The Developers account resides in a dedicated organizational unit (OU) . The Solutions Architect has implemented the following SCP on the Developers account: 
When this policy is deployed, IAM users in the Developers account are still able to use AWS services that are not listed in the policy. What should the Solutions Architect do to eliminate the Developers' ability to use services outside the scope of this policy?
A) Create an explicit deny statement for each AWS service that should be constrained.
B) Remove the FullAWSAccess SCP from the Developer account's OU.
C) Modify the FullAWSAccess SCP to explicitly deny all services.
D) Add an explicit deny statement using a wildcard to the end of the SCP.
Correct Answer:
Verified
Correct Answer:
Verified
Q785: A software as a service (SaaS) company
Q786: A company that is new to AWS
Q787: A Solutions Architect needs to migrate a
Q788: You have deployed a web application targeting
Q789: A customer has established an AWS Direct
Q791: A company has application services that have
Q792: An organization is planning to host a
Q793: A company has a web application that
Q794: You're trying to delete an SSL certificate
Q795: A large company has many business units.