Multiple Choice
A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted. What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?
A) Set up MFA Delete on all the S3 buckets to prevent the buckets from being ddeleted.
B) Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
C) Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts. Create an IAM group that has an IAM policy to deny the
D) Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets. Use AWS Shield to deny the action on the AWS account instead of all S3 buckets.
Correct Answer:
Verified
Correct Answer:
Verified
Q341: A user has stored data on an
Q342: An application hosted on AWS is going
Q343: A sys admin is using server side
Q344: A user has configured ELB with Auto
Q345: While creating the wait condition resource in
Q347: An organization (Account ID 123412341234. has attached
Q348: A user is using the AWS SQS
Q349: A financial service company is running distributed
Q350: An organization (Account ID 123412341234) has attached
Q351: The SysOps Administrator must integrate an existing