Answer-first summary for fast verification
Answer: Configure all AWS account root user email addresses as distribution lists that go to a few administrators who can respond to alerts. Configure AWS account alternate contacts in the AWS Organizations console or programmatically.
## Explanation **Correct Answer: B** **Why Option B is correct:** 1. **Distribution lists for root user emails**: By configuring AWS account root user email addresses as distribution lists, notifications are sent to multiple administrators, reducing the risk of a single person missing them. 2. **AWS account alternate contacts**: AWS allows you to configure alternate contacts (billing, operations, security) who receive important notifications. This ensures notifications reach the right administrators directly. 3. **AWS Organizations integration**: The solution mentions configuring these settings through AWS Organizations console or programmatically, which aligns with the company's use of AWS Organizations. 4. **Limited to account administrators**: The solution ensures notifications go only to a few administrators, meeting the security requirement. **Why other options are incorrect:** **Option A**: Forwarding to all users violates the requirement that notifications must be limited to account administrators. This creates security risks and notification overload. **Option C**: Relying on a single administrator creates a single point of failure and violates the requirement to ensure notifications are not missed. If that one administrator misses notifications, the problem persists. **Option D**: Using the same root user email address for all accounts: 1. Violates AWS best practices for account isolation 2. Creates security risks by centralizing root access 3. Doesn't properly address the notification distribution issue 4. May not work with AWS Organizations policies that require unique email addresses **Key AWS Concepts:** - **AWS Account Alternate Contacts**: Allow you to specify additional email addresses to receive important notifications about your AWS account. - **AWS Organizations**: Enables centralized management of multiple AWS accounts. - **Root User Email**: The email address used to create the AWS account receives critical notifications; it's important to ensure this email is monitored. **Best Practice**: Always configure alternate contacts and ensure root user emails are monitored by multiple administrators to avoid missing critical AWS notifications.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company uses AWS Organizations to create dedicated AWS accounts for each business unit to manage each business unit's account independently upon request. The root email recipient missed a notification that was sent to the root user email address of one account. The company wants to ensure that all future notifications are not missed. Future notifications must be limited to account administrators.
Which solution will meet these requirements?
A
Configure the company’s email server to forward notification email messages that are sent to the AWS account root user email address to all users in the organization.
B
Configure all AWS account root user email addresses as distribution lists that go to a few administrators who can respond to alerts. Configure AWS account alternate contacts in the AWS Organizations console or programmatically.
C
Configure all AWS account root user email messages to be sent to one administrator who is responsible for monitoring alerts and forwarding those alerts to the appropriate groups.
D
Configure all existing AWS accounts and all newly created accounts to use the same root user email address. Configure AWS account alternate contacts in the AWS Organizations console or programmatically.