Amazon Exam SCS-C01 Topic 1 Question 19 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 19
Topic #: 1

A company plans to create individual child accounts within an existing organization in AWS Organizations for each of its DevOps teams. AWS CloudTrail has been enabled and configured on all accounts to write audit logs to an Amazon S3 bucket in a centralized AWS account. A security engineer needs to ensure that DevOps team members are unable to modify or disable this configuration.

How can the security engineer meet these requirements?

ACreate an 1AM policy that prohibits changes to the specific CloudTrail trail and apply the policy to the AWS account root user.

BCreate an S3 bucket policy in the specified destination account for the CloudTrail trail that prohibits configuration changes from the AWS account root user in the source account.

CCreate an SCP that prohibits changes to the specific CloudTrail trail and apply the SCP to the appropriate organizational unit or account in Organizations.

DCreate an 1AM policy that prohibits changes to the specific CloudTrail trail and apply the policy to a new 1AM group. Have team members use individual 1AM accounts that are members of the new 1AM group.

Show Suggested Answer

Suggested Answer: D

by Mitsue at May 05, 2022, 05:13 PM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!