Hard · 1 mark · Multiple Choice
Domain 1.4: Multi-Account Environment · Tags: Organizations, Security, CloudTrail

AWS SAP-C02 · Question 51 · Domain 1.4: Multi-Account Environment

A company is designing a multi-account strategy using AWS Organizations. They want to isolate their production environment from their development environment. They also need a centralized logging account to store all AWS CloudTrail logs securely. Which combination of actions represents the BEST practice for this architecture? (Select THREE)

Answer options:

A.

Create separate Organizational Units (OUs) for Production and Development.

B.

Create a dedicated Log Archive account and configure an Organization-level CloudTrail trail to deliver logs to an S3 bucket in this account.

C.

Apply an SCP to the Organization root to prevent any member account from modifying or deleting the CloudTrail trail.

D.

Use VPC peering to connect all Development VPCs to the Production VPCs.

E.

Store the CloudTrail logs in the Management account.

F.

Configure AWS IAM users in the Production account and share them with the Development account.

How to approach this question

Recall the AWS landing-zone account structure (the one AWS Control Tower builds): separate OUs per environment, a dedicated Log Archive account for centralized CloudTrail, and SCPs as guardrails. Then eliminate any option that weakens the isolation between environments.

Full Answer

Separate OUs for Production and Development (A) let you attach different SCPs to each environment and keep them isolated at the account boundary. A dedicated Log Archive account receiving an organization trail into an S3 bucket it owns (B) centralizes CloudTrail for every account, including accounts added later, in an account nobody uses for day-to-day work. An SCP (C) that denies actions such as cloudtrail:StopLogging, cloudtrail:DeleteTrail and cloudtrail:UpdateTrail stops principals in member accounts, administrators included, from tampering with logging. Two caveats: SCPs never apply to the management account, which is where the organization trail is created (or in a CloudTrail delegated administrator account), so the trail itself is protected by who can access that account, not by the SCP; and member accounts cannot modify or delete an organization trail anyway, so the SCP is defense in depth that also covers account-level trails members create themselves. D undoes the isolation by connecting Development networks to Production, E places the audit record in the most privileged account in the organization, and F is neither possible nor desirable: IAM users cannot be shared across accounts, and cross-account access should use IAM roles.
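The SCP behind option C, as an added example that is not part of the original exam page: a deny-only policy covering the CloudTrail actions that would silence or alter logging, together with a small matcher that sanity-checks which actions the attached SCPs would block. The matcher is a simplified model of SCP evaluation (an action passes only if some Allow statement matches and no Deny statement matches; Resource, Condition and NotAction are not modelled), and it includes the AWS-managed FullAWSAccess policy that is attached by default. Policy names are placeholders.

```python
import fnmatch
import json

# Added example SCP (not from the exam page). Attach it to the Production and
# Development OUs; it has no effect on the management account, which SCPs
# never govern.
PROTECT_CLOUDTRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyCloudTrailTampering",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "cloudtrail:UpdateTrail",
                "cloudtrail:PutEventSelectors",
                "cloudtrail:PutInsightSelectors",
            ],
            "Resource": "*",
        }
    ],
}

# The AWS-managed policy attached to every root/OU/account by default;
# without an Allow somewhere in the SCP chain, nothing is permitted.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def scp_permits(action, policies):
    """Return True if the given SCPs let IAM evaluation proceed for `action`.

    Simplified SCP semantics: at least one Allow statement must match the
    action and no Deny statement may match it. Resource, Condition and
    NotAction elements are not modelled.
    """
    allowed = denied = False
    for policy in policies:
        for stmt in policy["Statement"]:
            patterns = _as_list(stmt.get("Action", []))
            if any(_action_matches(p, action) for p in patterns):
                if stmt["Effect"] == "Deny":
                    denied = True
                else:
                    allowed = True
    return allowed and not denied


def render_scp():
    """JSON document suitable for `aws organizations create-policy --content`."""
    return json.dumps(PROTECT_CLOUDTRAIL_SCP, indent=2)


if __name__ == "__main__":
    attached = [FULL_AWS_ACCESS, PROTECT_CLOUDTRAIL_SCP]
    for act in ["cloudtrail:StopLogging", "cloudtrail:LookupEvents", "s3:PutObject"]:
        state = "permitted" if scp_permits(act, attached) else "DENIED by SCP"
        print(f"{act}: {state}")
    print(render_scp())
```

Create and attach it with `aws organizations create-policy --type SERVICE_CONTROL_POLICY --name ProtectCloudTrail --content file://scp.json` followed by `aws organizations attach-policy --policy-id <policy id> --target-id <OU id>`. The Log Archive bucket still needs its own bucket policy granting `cloudtrail.amazonaws.com` `s3:PutObject` on the trail prefix, and tightly scoped access for everyone else; the SCP protects the trail, not the bucket.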

Common mistakes

Storing the logs in the Management account. That account holds the highest privileges in the organization and is not governed by SCPs, so anyone who can act in it can alter or delete the audit record; keep it free of workloads and data. A related mistake is peering Development and Production VPCs, which undoes the isolation the separate OUs were created to provide.

Source: AWS Solutions Architect Professional SAP-C02 Practice Exam 7