Reply To: Timed Diagnostic Test – AWS Organisations SCP for Development OU – Incomplete
Hello AJam,
Thank you for bringing this to our attention. We will do the necessary updates, and this should be reflected in our practice exam as soon as possible.
Regarding the correct answer, Option 1 is the correct solution primarily because it leverages Service Control Policies (SCPs) to apply restrictions at the organizational unit (OU) level within AWS Organizations. Attaching the SCP to the “Development” OU ensures that the policy automatically applies to all existing and newly created AWS accounts within that OU. This approach effectively restricts AWS usage to the “ap-southeast-1” region for all accounts under the Development OU, aligning with the security team’s requirements to enforce strict regional access control while also providing the flexibility to exempt certain roles from these restrictions, ensuring both security and operational flexibility.
I hope this clarifies any confusion you have. If you have any further questions, please don’t hesitate to contact us.
Regards,
Nikee @ Tutorials Dojo
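
The following is an added example, not part of the original reply or of Tutorials Dojo's material. It sketches a region-restricting SCP of the kind described above and a simplified model of how its Deny statement evaluates requests. The role name `ExampleRegionExemptRole`, the sample account ID and the short `NotAction` list of global services are assumptions.

```python
import json
from fnmatch import fnmatchcase

ALLOWED_REGION = "ap-southeast-1"
# Hypothetical exempt role: the thread does not name the real one.
EXEMPT_ROLE_ARN = "arn:aws:iam::*:role/ExampleRegionExemptRole"

# SCP intended for attachment to the Development OU, so that it applies to
# every existing and future account in that OU.
SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideAllowedRegion",
        "Effect": "Deny",
        # Global services are left out of the deny so the region condition
        # does not block them (illustrative subset, an assumption).
        "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*"],
        "Resource": "*",
        "Condition": {
            "StringNotEquals": {"aws:RequestedRegion": [ALLOWED_REGION]},
            "ArnNotLike": {"aws:PrincipalARN": [EXEMPT_ROLE_ARN]},
        },
    }],
}

def scp_denies(policy, action, region, principal_arn):
    """Simplified model of SCP evaluation: True if a Deny statement matches."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        # NotAction: the statement covers every action except those listed.
        if any(fnmatchcase(action.lower(), p.lower())
               for p in stmt.get("NotAction", [])):
            continue
        cond = stmt.get("Condition", {})
        regions = cond.get("StringNotEquals", {}).get("aws:RequestedRegion", [])
        arns = cond.get("ArnNotLike", {}).get("aws:PrincipalARN", [])
        # Condition operators are ANDed: both must hold for the Deny to apply.
        outside_region = region not in regions
        not_exempt = not any(fnmatchcase(principal_arn, p) for p in arns)
        if outside_region and not_exempt:
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(SCP, indent=2))  # JSON document to attach to the OU
```

Because an SCP only limits permissions and never grants them, a request that this policy does not deny still needs an IAM allow in the member account.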