A company is using flaws Organizations to manage all their accounts. The Chief Technology Officer wants to prevent certain services from being used within production accounts until the services have been internally certified. They are willing to allow developers to experiment with these uncertified services in development accounts but need a way to ensure that these services are not used within production accounts.
Which option ensures that services are not allowed within the production accounts, yet are allowed in separate development accounts within the LEAST administrative overhead?

A. Use flaws Config to shut down non-compliant services found within the production accounts on a periodic basis, while allowing these same services to run in the development accounts. B. Apply service control policies to the flaws Organizational Unit (OU) containing the production accounts to whitelist certified services. Apply a less restrictive policy to the OUs containing the development accounts. C. Use IAM policies applied to the combination of user and account to prevent developers from using these services within the production accounts. Allow the services to run in development accounts. D. Use Amazon CloudWatch to report on the use of non-certified services within any account, triggering an flaws Lambda function to terminate only those non- certified services when found in a production account. Correct Answer: B This question is in SOA-C01 AWS Certified SysOps Administrator – Associate Exam For getting AWS Certified SysOps Administrator – Associate Certificate

Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.