No Result
View All Result
IT Quesion Library
Contribute
No Result
View All Result
No Result
View All Result

A company is using AWS Organizations to implement a multi-account strategy. The company does not have on-premises infrastructure. All workloads run on AWS. The company currently has eight member accounts. The company anticipates that it will have no more than 20 AWS accounts total at any time. The company issues a new security policy that contains the following requirements: • No AWS account should use a VPC within the AWS…

QuestionsCategory: SCS-C02A company is using AWS Organizations to implement a multi-account strategy. The company does not have on-premises infrastructure. All workloads run on AWS. The company currently has eight member accounts. The company anticipates that it will have no more than 20 AWS accounts total at any time. The company issues a new security policy that contains the following requirements: • No AWS account should use a VPC within the AWS…
0 Vote Up Vote Down
Admin Staff asked 3 months ago 
A company is using AWS Organizations to implement a multi-account strategy. The company does not have on-premises infrastructure. All workloads run on AWS. The company currently has eight member accounts. The company anticipates that it will have no more than 20 AWS accounts total at any time.
The company issues a new security policy that contains the following requirements:
•	No AWS account should use a VPC within the AWS account for workloads.
•	The company should use a centrally managed VPC that all AWS accounts can access to launch workloads in subnets.
•	No AWS account should be able to modify another AWS account's application resources within the centrally managed VPC.
•	The centrally managed VPC should reside in an existing AWS account that is named Ac-count-A within an organization.
The company uses an AWS CloudFormation template to create a VPC that contains multiple subnets in Account-A. This template exports the subnet IDs through the CloudFormation Outputs section.
Which solution will complete the security setup to meet these requirements?

A. Use a CloudFormation template in the member accounts to launch workloads. Configure the template to use the Fn::ImportValue function to obtain the subnet ID values.

B. Use a transit gateway in the VPC within Account-A. Configure the member accounts to use the transit gateway to access the subnets in Account-A to launch workloads.

C. Use AWS Resource Access Manager (AWS RAM) to share Account-A's VPC subnets with the remaining member accounts. Configure the member accounts to use the shared subnets to launch workloads.

D. Create a peering connection between Account-A and the remaining member accounts. Configure the member accounts to use the subnets in Account-A through the VPC peering connection to launch workloads.








 

Suggested Answer: D

Community Answer: C




This question is in SCS-C02 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate

Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.
Question Tags:

Related Questions

Recommended

No Result
View All Result

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In