Multiple Choice
A large company has multiple AWS accounts that are assigned to each department. A SysOps administrator needs to help the company reduce overhead and manage its AWS resources more easily. The SysOps administrator also must ensure that department users, including AWS account root users, have access only to AWS services that are essential for their job function. Which solution will meet these requirements?
A) Enable AWS Directory Service. Enforce Group Policy Objects (GPOs) on each department to restrict access.
B) Migrate all the accounts to a central account. Create IAM groups for each department with only the necessary permissions.
C) Use AWS Organizations and implement service control policies (SCPs) to ensure accounts use only essential AWS services.
D) Use AWS Single Sign-On and configure it to limit access to only essential AWS services.
Correct Answer:
Verified
Correct Answer:
Verified
Q863: A SysOps Administrator created an AWS CloudFormation
Q864: A recent audit found that most resources
Q865: _ is a fully managed service for
Q866: A root AWS account owner has created
Q867: The CFO of a company wants to
Q869: An application is running on multiple EC2
Q870: A SysOps Administrator receives reports of an
Q871: Your customers are concerned about the security
Q872: If an IAM policy has multiple conditions,
Q873: A SysOps Administrator is attempting to download