Multiple Choice
A large company in Europe plans to migrate its applications to the AWS Cloud. The company uses multiple AWS accounts for various business groups. A data privacy law requires the company to restrict developers' access to AWS European Regions only. What should the solutions architect do to meet this requirement with the LEAST amount of management overhead?
A) Create IAM users and IAM groups in each account. Create IAM policies to limit access to non-European Regions. Attach the IAM policies to the IAM groups.
B) Enable AWS Organizations, attach the AWS accounts, and create OUs for European Regions and non-European Regions. Create SCPs to limit access to non-European Regions and attach the policies to the OUs.
C) Set up AWS Single Sign-On and attach AWS accounts. Create permission sets with policies to restrict access to non-European Regions. Create IAM users and IAM groups in each account.
D) Enable AWS Organizations, attach the AWS accounts, and create OUs for European Regions and non-European Regions. Create permission sets with policies to restrict access to non-European Regions. Create IAM users and IAM groups in the primary account.
Correct Answer:
Verified
Correct Answer:
Verified
Q731: A user is using CloudFormation to launch
Q732: You are designing a data leak prevention
Q733: An organization is undergoing a security audit.
Q734: An on-premises application will be migrated to
Q735: Your system recently experienced down time during
Q737: In an AWS CloudFormation template, each resource
Q738: Which of the following is the Amazon
Q739: A company runs a popular public-facing ecommerce
Q740: The Security team needs to provide a
Q741: An organization has hosted an application on