Domain 1.2: Security Controls — AWS SAP-C02 Practice Question 01

How to approach this question

Identify the requirement for organization-wide preventive controls.

Full Answer

B.Apply a Service Control Policy (SCP) at the root level denying access to ap-northeast-1 with a condition excluding the Global-Security account ID.✓ Correct

Apply a Service Control Policy (SCP) at the root level denying access to ap-northeast-1 with a condition excluding the Global-Security account ID.

Service Control Policies (SCPs) offer central control over the maximum available permissions for all accounts in your organization.

Common mistakes

Confusing IAM policies with SCPs for multi-account governance.

A company is setting up a multi-account AWS environment using AWS Organizations. They need to ensure that no account can deploy resources in the ap-northeast-1 region, except for a specific 'Global-Security' account. What is the MOST operationally efficient way to achieve this?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

More questions from this exam