AWS Certified Security – Specialty SCS-C01 – Question280

A company uses AWS Config and AWS Organizations. One of the company's account administrators recently turned off AWS Config recording, and a critical security incident was not logged properly.
The company's security engineer must create an SCP that will deny all users the ability to stop AWS Config.
The SCP also must allow the ApprovedAdministrator role to edit AWS Config settings.
Which SCP meets these requirements?

A.


B.

C.

D.

Correct Answer: A