Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

🚀 25% OFF All Practice Exams, Video Courses, & eBooks – Cyber Sale Extension!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Professional Review Mode Set 1 – AWS Certified Solutions Architect Professional – Question 49 Reply To: Review Mode Set 1 – AWS Certified Solutions Architect Professional – Question 49

  • Amiel-Palacol-TutorialsDojo

    Member
    May 9, 2023 at 8:29 am

    Hi Mohammad,

    Thank you for the feedback.

    I understand that the question did not mention anything about DENY permission. However, the scenario stated that The Solutions Architects control access to certain AWS services using SCPs that define the restricted services. The SCPs are attached at the root of the organization so that they will be applied to all AWS accounts under the organization. This means that the SCPs were used to deny the usage of certain AWS services in all accounts under the organization.

    Since the SCPs are still attached to the root of the organization, that explains why the small business firm cannot apply the required AWS Config rules, as all OUs under the organization will inherit the SCP rule that is currently attached to the root. This will make the option Add the new account to a temporary Onboarding organization unit (OU) that has an attached SCP allowing changes to AWS Config. Perform the needed changes while on this temporary OU before moving the new account to Production OU incorrect as it did not mention anything about removing the SCPs attached to the root.

    In addition, AWS strongly recommends that you don’t attach SCPs to the root of your organization without thoroughly testing the impact that the policy has on accounts. Instead, create an OU that you can move your accounts into one at a time, or at least in small numbers, to ensure that you don’t inadvertently lock users out of key services. (Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html)

    Please note that there are questions in the actual AWS exam that are difficult, tricky, and ambiguous. This is the style that we are trying to mimic in our practice tests. Some questions do not explicitly show the obvious keywords or phrases that will easily point to the answer.

    Hope this helps.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!

    Regards,

    Amiel Palacol @ Tutorials Dojo

Skip to content