SAP-C02 Study Assistant

SAP-C02 Question 245

S3 IAM Organizations

Question

A company has five development teams that have each created five AWS accounts to develop and host applications. To track spending, the development teams log in to each account every month, record the current cost from the AWS Billing and Cost Management console, and provide the information to the company's finance team. The company has strict compliance requirements and needs to ensure that resources are created only in AWS Regions in the United States. However, some resources have been created in other Regions. A solutions architect needs to implement a solution that gives the finance team the ability to track and consolidate expenditures for all the accounts. The solution also must ensure that the company can create resources only in Regions in the United States. Which combination of steps will meet these requirements in the MOST operationally efficient way? (Choose three.)

Options

A. Create a new account to serve as a management account. Create an Amazon S3 bucket for the finance team. Use AWS Cost and Usage Reports to create monthly reports and to store the data in the finance team's S3 bucket.

B. Create a new account to serve as a management account. Deploy an organization in AWS Organizations with all features enabled. Invite all the existing accounts to the organization. Ensure that each account accepts the invitation.

C. Create an OU that includes all the development teams. Create an SCP that allows the creation of resources only in Regions that are in the United States. Apply the SCP to the OU.

D. Create an OU that includes all the development teams. Create an SCP that denies the creation of resources in Regions that are outside the United States. Apply the SCP to the OU.

E. Create an IAM role in the management account. Attach a policy that includes permissions to view the Billing and Cost Management console. Allow the finance team users to assume the role. Use AWS Cost Explorer and the Billing and Cost Management console to analyze cost.

F. Create an IAM role in each AWS account. Attach a policy that includes permissions to view the Billing and Cost Management console. Allow the finance team users to assume the role.

Answer

BDE

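Explanation

Correct answer: BDE

Explanation: The answer to this question is BDE.

Correct options:

B. Create a new account to serve as a management account. Deploy an organization in AWS Organizations with all features enabled. Invite all the existing accounts to the organization. Ensure that each account accepts the invitation.

D. Create an OU that includes all the development teams. Create an SCP that denies the creation of resources in Regions that are outside the United States. Apply the SCP to the OU.

E. Create an IAM role in the management account. Attach a policy that includes permissions to view the Billing and Cost Management console. Allow the finance team users to assume the role. ...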
