A company's DevOps engineer manages an organization in flaws Organizations. The organization includes many accounts. The company needs all flaws CloudFormation stacks in production accounts to have termination protection enabled. Non-production accounts do not need termination protection. The company has designated a centralized account for flaws Config aggregation and has configured all accounts to support the use of CloudFormation and flaws Config. The company also has grouped all production accounts into an OU. Which solution will meet these requirements?

Questions › Category: DOP-C01 › A company’s DevOps engineer manages an organization in flaws Organizations. The organization includes many accounts. The company needs all flaws CloudFormation stacks in production accounts to have termination protection enabled. Non-production accounts do not need termination protection. The company has designated a centralized account for flaws Config aggregation and has configured all accounts to support the use of CloudFormation and flaws Config. The company also has grouped all production accounts into an OU. Which solution will meet these requirements?

0 Vote Up Vote Down

Admin Staff asked 7 months ago

A company's DevOps engineer manages an organization in flaws Organizations. The organization includes many accounts. The company needs all flaws CloudFormation stacks in production accounts to have termination protection enabled. Non-production accounts do not need termination protection.
The company has designated a centralized account for flaws Config aggregation and has configured all accounts to support the use of CloudFormation and flaws Config. The company also has grouped all production accounts into an OU.
Which solution will meet these requirements?

A. Create an flaws Config rule to detect stacks that do not have termination protection enabled. Add a remediation action to the rule to enable termination protection. Deploy the rule across the organization by using the PutOrganizationConfigRule API operation.

B. Create a CloudFormation template that deploys an flaws Config rule to detect stacks that do not have termination protection enabled. Add a remediation action to the rule to enable termination protection. Deploy the template to the OU of the production accounts by using CloudFormation StackSets.

C. Create an SCP that denies cloudformation:DeleteStack actions. Apply the SCP to the OU of the production accounts by using CloudFormation StackSets.

D. Create a CloudFormation stack policy that denies Update:Delete actions. Apply the policy to the OU of the production accounts by using CloudFormation StackSets.

Correct Answer: D

This question is in DOP-C01 exam
For getting AWS DevOps Engineer - Professional Certificate

A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured. How can this process be automated?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

A production account has a requirement that any Amazon EC2 instance that has been logged in to manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with the Amazon CloudWatch Logs agent configured. How can this process be automated?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password