ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.4: Multi-Account EnvironmentOrganizationsMulti-AccountGovernance

AWS SAP-C02 · Question 19 · Domain 1.4: Multi-Account Environment

An enterprise is designing a multi-account strategy. They want to isolate workloads based on data sensitivity (Public, Internal, Confidential). They also need a centralized networking hub and a dedicated security tooling account. Which AWS Organizations Organizational Unit (OU) structure aligns BEST with AWS Well-Architected multi-account best practices?

Answer options:

A.

Create a foundational Infrastructure OU (containing Network and Security accounts) and a Workloads OU (containing sub-OUs for Public, Internal, and Confidential workloads).

B.

Create OUs based on the company's reporting structure (e.g., HR OU, Finance OU, Engineering OU). Place all network and security accounts in the root of the organization.

C.

Create a single Production OU and a single Non-Production OU. Put all accounts, including network and security, into these two OUs.

D.

Create separate AWS Organizations for Infrastructure, Security, and Workloads. Use AWS Resource Access Manager to share resources between the organizations.

How to approach this question

Recall the standard AWS Landing Zone / Control Tower OU architecture.

Full Answer

A.Create a foundational Infrastructure OU (containing Network and Security accounts) and a Workloads OU (containing sub-OUs for Public, Internal, and Confidential workloads).✓ Correct
AWS multi-account best practices recommend creating foundational OUs (like Infrastructure for networking and Security for centralized logging/tooling) separate from Workload OUs. Workload OUs should be further segmented based on business needs or data sensitivity (e.g., SDLC environments or data classification) to apply appropriate Service Control Policies (SCPs).

Common mistakes

Organizing OUs purely by company department (HR, Finance) rather than by security/infrastructure requirements.
18All questions20

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5

75 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A global enterprise is redesigning its AWS network architecture across 50 AWS accounts and 3 AWS ...HardQ02A company uses AWS Organizations to manage multiple accounts. The security team mandates that no ...MediumQ03A financial institution requires a disaster recovery strategy for its critical trading applicatio...HardQ04An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They nee...MediumQ05A company has a complex AWS environment with hundreds of linked accounts under AWS Organizations....Hard
View all 75 questions →