SAP-C02 Study Assistant

SAP-C02 Question 124

EC2 IAM Organizations Config

Question

A company has hundreds of AWS accounts. The company recently implemented a centralized internal process for purchasing new Reserved Instances and modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement. Previously, business units directly purchased or modified Reserved Instances in their own respective AWS accounts autonomously. A solutions architect needs to enforce the new process in the most secure way possible. Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

Options

A. Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled.

B. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.

C. In each AWS account, create an IAM policy that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.

D. Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization.

E. Ensure that all AWS accounts are part of an organization in AWS Organizations that uses the consolidated billing feature.

Answer

AD

Explanation

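Correct answer: AD

Explanation: The answer to this question is AD.

Correct options:

A. Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled.

D. Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization.

Rationale: This option most directly satisfies the key constraints in the question. When working on SAP-C...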
