A company is using AWS Organizations with all features enabled. The company has an AWS management account under an organization’s root and a small number of AWS accounts under a child OU. The company expects to grow by more than 1,000 AWS accounts in the next year. The company wants to enforce a policy that disallows any configuration changes to AWS Config settings in all AWS Organizations member accounts automatically when the company creates member accounts. The company will enforce this policy on all existing accounts and on any future AWS accounts that the company creates. The company also wants a centralized view of the compliance status of all accounts. Which solution will meet these requirements?

Topic #: - All AWS Certified Security - Specialty Questions

A. Configure AWS Config with trusted access in the Organizations management account.
B. Configure AWS Control Tower to extend governance to the organization. Enroll Organizations member accounts.
C. Use AWS Config to review the enforcement compliance of each AWS account.
D. Create an SCP that denies access to all AWS Config API actions. Apply the SCP to the organization’s root.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion