ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 99 - SCS-C02 discussion

Report
Export

A company deploys a set of standard IAM roles in AWS accounts. The IAM roles are based on job functions within the company. To balance operational efficiency and security, a security engineer implemented AWS Organizations SCPs to restrict access to critical security services in all company accounts.

All of the company's accounts and OUs within AWS Organizations have a default FullAWSAccess SCP that is attached. The security engineer needs to ensure that no one can disable Amazon GuardDuty and AWS Security Hub. The security engineer also must not override other permissions that are granted by IAM policies that are defined in the accounts.

Which SCP should the security engineer attach to the root of the organization to meet these requirements?

A)

B)

C)

D)

A.
Option A
Answers
A.
Option A
B.
Option B
Answers
B.
Option B
C.
Option C
Answers
C.
Option C
D.
Option D
Answers
D.
Option D
Suggested answer: A
asked 16/09/2024
Oscar Ballabriga
31 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first