A Security Engineer manages AWS Organizations for a company. The Engineer would like to restrict AWS usage to allow Amazon S3 only in one of the organizational units (OUs). The Engineer adds the following SCP to the OU: The next day, API calls to AWS IAM appear in AWS CloudTrail logs in an account under that OU. How should the Security Engineer resolve this issue? A. Move the account to a new OU and deny IAM:* permissions. B. Add a Deny policy for all non-S3 services at the account level. C. Change the policy to: D. Detach the default FullAWSAccess SCP.  Suggested Answer: B Community Answer: D Reference: https://docs.aws.amazon.com/organizations/latest/userguide/organizations-userguide.pdf (22) This question is in SCS-C01 AWS Certified Security – Specialty Exam For getting AWS Certified Security – Specialty Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.
Please login or Register to submit your answer