Domain 1.1: Secure Access — AWS SAA-C03 Practice Question 01

How to approach this question

Identify the requirement for cross-account preventative security controls. AWS Organizations SCPs are the best fit for this.

Full Answer

B.Create a Service Control Policy (SCP) that denies the cloudtrail:StopLogging action and attach it to the organization root.✓ Correct

Create a Service Control Policy (SCP) that denies the cloudtrail:StopLogging action and attach it to the organization root.

Service Control Policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization.

Common mistakes

Confusing SCPs (preventative) with AWS Config (detective/reactive).

A company has multiple AWS accounts in an AWS Organizations organization. The security team wants to ensure that no user or role in any member account can disable AWS CloudTrail. <br/><br/>Which solution is the MOST secure and requires the LEAST operational overhead?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 4

More questions from this exam