How should the Security Engineer resolve this issue?

SCS-C01 0 Comments

A Security Engineer manages AWS Organizations for a company. The Engineer would like to restrict AWS usage to allow Amazon S3 only in one of the organizational units (OUs).

The Engineer adds the following SCP to the OU:

The next day. API calls to AWS IAM appear in AWS CloudTrail logs In an account under that OU.

How should the Security Engineer resolve this issue?
A . Move the account to a new OU and deny IAM:* permissions.
B . Add a Deny policy for all non-S3 services at the account level.
C . Change the policy to:



D . Detach the default FullAWSAccess SCP

Answer: C

Latest SCS-C01 Dumps Valid Version with 470 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SCS-C01 PDF     SCS-C01 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments