A company’s security policy requires that all AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations. Which solution is MOST secure?

Topic #: - All AWS Certified Solutions Architect - Associate SAA-C02 Questions

A. At the organization’s root, define and attach a service control policy (SCP) that permits enabling CloudTrail only.
B. Create IAM groups in the organization’s management account as needed. Define and attach an IAM policy to the groups that prevents users from disabling CloudTrail.
C. Organize accounts into organizational units (OUs). At the organization’s root, define and attach a service control policy (SCP) that prevents users from disabling CloudTrail. Most Voted
D. Add all existing accounts under the organization’s root. Define and attach a service control policy (SCP) to every account that prevents users from disabling CloudTrail.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

A company’s security policy requires that all AWS API activity in its AWS accounts be recorded for periodic auditing. The company needs to ensure that AWS CloudTrail is enabled on all of its current and future AWS accounts using AWS Organizations. Which solution is MOST secure?

Suggested Answer:

Share this post

Join the Discussion