
Answer-first summary for fast verification
Answer: Create SCPs that restrict access to high-risk services such as Amazon S3 public access, AWS Lambda functions with internet access, and Amazon EC2 instances with unrestricted traffic, while allowing other necessary services.
Option B is the correct approach: it creates targeted SCPs that restrict specific high-risk services, which enhances security without completely disabling the services that AWS accounts need to keep operating.
Author: LeetQuiz Editorial Team
You are tasked with implementing Service Control Policies (SCPs) in AWS Organizations to enforce a policy that restricts the use of certain high-risk AWS services. Describe how you would design and deploy these SCPs, including specific services you would restrict and the impact on account usage.
A. Deploy SCPs that completely disable all AWS services across all accounts.
B. Create SCPs that restrict access to high-risk services such as Amazon S3 public access, AWS Lambda functions with internet access, and Amazon EC2 instances with unrestricted traffic, while allowing other necessary services.
C. Use SCPs to monitor service usage without restricting any actions.
D. Disable SCPs and rely on IAM policies to manage service usage.