Multiple Choice
A company is using AWS Organizations to manage all their accounts. The Chief Technology Officer wants to prevent certain services from being used within production accounts until the services have been internally certified. They are willing to allow developers to experiment with these uncertified services in development accounts but need a way to ensure that these services are not used within production accounts. Which option ensures that services are not allowed within the production accounts, yet are allowed in separate development accounts within the LEAST administrative overhead?
A) Use AWS Config to shut down non-compliant services found within the production accounts on a periodic basis, while allowing these same services to run in the development accounts.
B) Apply service control policies to the AWS Organizational Unit (OU) containing the production accounts to whitelist certified services. Apply a less restrictive policy to the OUs containing the development accounts.
C) Use IAM policies applied to the combination of user and account to prevent developers from using these services within the production accounts. Allow the services to run in development accounts.
D) Use Amazon CloudWatch to report on the use of non-certified services within any account, triggering an AWS Lambda function to terminate only those non-certified services when found in a production account.
Correct Answer:
Verified
Correct Answer:
Verified
Q527: A user has created a VPC with
Q528: A user is creating a Cloudformation stack.
Q529: An organization is planning to create a
Q530: An organization has created 10 IAM users.
Q531: What does Amazon RDS stand for?<br>A) Amazon
Q533: As part of an operational audit, an
Q534: After a particularly high AWS bill, an
Q535: A SysOps Administrator is receiving alerts related
Q536: A company has a multi-account AWS environment
Q537: An instance has enabled basic monitoring only