An architect is designing a multi-account strategy using AWS Control Tower. They need to provision new accounts automatically, ensure specific baseline VPCs are deployed in every new account, and integrate with their third-party identity provider (IdP). Which THREE AWS services or features will be utilized? (Select THREE)

Answer options:

AWS Service Catalog

AWS Directory Service

AWS OpsWorks

AWS CloudFormation StackSets

AWS IAM Identity Center

Amazon Cognito

AWS Systems Manager State Manager

How to approach this question

Identify the underlying services that power AWS Control Tower.

Full Answer

A,D,E

AWS Control Tower relies on Service Catalog for account vending, CloudFormation StackSets for deploying baseline infrastructure across accounts, and IAM Identity Center for SSO and IdP integration.

Common mistakes

Confusing Cognito (customer identity) with IAM Identity Center (workforce identity).

Question 32 All questions Question 34

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

75 questions · hints · full answers · grading

More questions from this exam

Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...Easy Q02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...Easy Q03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...Easy Q04An architect needs to design a highly available database architecture that spans multiple AWS Reg...Easy Q05A global financial institution is migrating its core banking application to AWS. The application ...Medium

View all 75 questions →