A company plans to create individual child accounts within an existing organization in IAM Organizations...

Amazon Web Services SCS-C02 Question Answer

A company plans to create individual child accounts within an existing organization in IAM Organizations for each of its DevOps teams. IAM CloudTrail has been enabled and configured on all accounts to write audit logs to an Amazon S3 bucket in a centralized IAM account. A security engineer needs to ensure that DevOps team members are unable to modify or disable this configuration.

How can the security engineer meet these requirements?

Create an IAM policy that prohibits changes to the specific CloudTrail trail and apply the policy to the IAM account root user.

Create an S3 bucket policy in the specified destination account for the CloudTrail trail that prohibits configuration changes from the IAM account root user in the source account.

Create an SCP that prohibits changes to the specific CloudTrail trail and apply the SCP to theappropriate organizational unit or account in Organizations.

Create an IAM policy that prohibits changes to the specific CloudTrail trail and apply the policy to a new IAM group. Have team members use individual IAM accounts that are members of the new IAM group.

Amazon Web Services SCS-C02 View All Questions

Amazon Web Services SCS-C02 Summary

Vendor: Amazon Web Services
Product: SCS-C02
Update on: Aug 2, 2025
Questions: 417

Price: $52.5 ~~$149.99~~

Buy Now SCS-C02 PDF + Testing Engine Pack

A company is running an Amazon RDS for MySQL DB instance in a VPC.

A company has an encrypted Amazon Aurora DB cluster in the us-east-1 Region.

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A company plans to create individual child accounts within an existing organization in IAM Organizations...

The Answer Is:

Amazon Web Services SCS-C02 Summary

Payments We Accept

Contact Us