A company is using AWS Organizations with all features enabled. The company has an AWS management account under an organization's root and a small number of AWS accounts under a child OU. The company expects to grow by more than 1,000 AWS accounts in the next year. The company wants to enforce a policy that disallows any configuration changes to AWS Config settings in all AWS Organizations member accounts automatically when the company creates member accounts. The company will enforce this policy on all existing accounts and on any future AWS accounts that the company creates. The company also wants a centralized view of the compliance status of all accounts.

Which solution will meet these requirements?

A. Configure AWS Config with trusted access in the Organizations management account.
B. Configure AWS Control Tower to extend governance to the organization. Enroll Organizations member accounts.
C. Use AWS Config to review the enforcement compliance of each AWS account.
D. Create an SCP that denies access to all AWS Config API actions. Apply the SCP to the organization's root.

Suggested Answer: A
Community Answer: B

This question is in the SCS-C01 AWS Certified Security – Specialty Exam, for getting the AWS Certified Security – Specialty Certificate.

Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.