{"id":550,"date":"2022-02-05T18:32:16","date_gmt":"2022-02-05T18:32:16","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/aws-devops-engineer-professional-dop-c01-question538\/"},"modified":"2022-02-05T18:32:16","modified_gmt":"2022-02-05T18:32:16","slug":"aws-devops-engineer-professional-dop-c01-question538","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/aws-devops-engineer-professional-dop-c01-question538\/","title":{"rendered":"AWS DevOps Engineer Professional DOP-C01 &#8211; Question538"},"content":{"rendered":"<div class=\"question\">A company is using AWS Organizations and wants to implement a governance strategy with the following requirements: AWS resource access is restricted to the same two Regions for all accounts. AWS services are limited to a specific group of authorized services for all accounts. Authentication is provided by Active Directory. Access permissions are organized by job function and are identical in each account.<br \/>\nWhich solution will meet these requirements?<br \/><strong><br \/>A.<\/strong> Establish an organizational unit (OU) with group policies in the master account to restrict Regions and authorized services. Use AWS CloudFormation StackSets to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.<br \/><strong>B.<\/strong> Establish a permission boundary in the master account to restrict Regions and authorized services. Use AWS CloudFormation StackSet to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.<br \/><strong>C.<\/strong> Establish a service control in the master account to restrict Regions and authorized services. Use AWS Resource Access Manager to share master account roles with permissions for each job function, including AWS SSO for authentication in each account.<br \/><strong>D.<\/strong> Establish a service control in the master account to restrict Regions and authorized services. Use CloudFormation StackSet to provision roles with permissions for each job function, including an IAM trust policy for IAM identity provider authentication in each account.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>A<\/strong><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A company is using AWS Organizations and wants to implement a governance strategy with the following requirements: AWS resource access is restricted to the same two Regions for all accounts. AWS services are limited to a specific group of authorized services for all accounts. Authentication is provided by Active Directory. Access permissions are organized by [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,541],"class_list":["post-550","post","type-post","status-publish","format-standard","hentry","category-aws-devops-engineer-professional-dop-c01","tag-aws-devops-engineer-professional-dop-c01","tag-question-538"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/posts\/550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/comments?post=550"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/posts\/550\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/media?parent=550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/categories?post=550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/wp-json\/wp\/v2\/tags?post=550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}