AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
You are tasked with developing a multi-account strategy for a large enterprise that requires strict separation of environments (development, testing, production) and compliance with GDPR. Describe how you would structure the AWS accounts, implement AWS Organizations, and use Service Control Policies (SCPs) to enforce compliance and security controls across all accounts.
A
Create a single AWS account for all environments and use IAM policies to separate access.
B
Use AWS Organizations to create separate accounts for each environment, implement SCPs to restrict access to non-compliant services, and use AWS Control Tower to enforce GDPR compliance.
C
Create a single AWS account and use VPCs to isolate environments, without using AWS Organizations or SCPs.
D
Use AWS Organizations to create a single account per department, without implementing SCPs or considering GDPR compliance.