A company has accounts in an organization in AWS Organizations.

Amazon Web Services SAP-C02 Question Answer

A company has accounts in an organization in AWS Organizations. The organization has all features enabled. The company stores secrets in AWS Secrets Manager in a central AWS account (Account A). The secrets have resource policies that allow read-only access to 1AM roles in an account outside the organization (Account B). A few privileged users in accounts in the organization have access to the secrets by using 1AM roles.

Because of a security incident, the company needs to revoke all access to the secrets in Account A.

Which solution will meet these requirements?

Create an SCP to explicitly deny the secretsmanager:GetSecretValue action for all resources. Attach the SCP to Account A.

Modify the resource policies of the secrets in Account A to explicitly deny the secretsmanagenGetSecretValue action to all principals.

Deploy a VPC endpoint for Secrets Manager in Account A. Update the VPC endpoint policy to explicitly deny the secretsmanagenGetSecretValue action to all principals.

Modify the 1AM role inline policies in Account B to explicitly deny the secretsmanager:GetSecretValue action for all secrets in Account A.

Amazon Web Services SAP-C02 View All Questions

Amazon Web Services SAP-C02 Summary

Vendor: Amazon Web Services
Product: SAP-C02
Update on: Feb 19, 2026
Questions: 614

Price: $52.5 ~~$149.99~~

Buy Now SAP-C02 PDF + Testing Engine Pack

A company has multiple lines of business (LOBs) that toll up to the parent company.

A solutions architect needs to define a reference architecture for a solution for three-tier applications...

Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A company has accounts in an organization in AWS Organizations.

The Answer Is:

Amazon Web Services SAP-C02 Summary

Payments We Accept

Contact Us