SAP-C02 Question 328
Question
A company orchestrates a multi-account structure on AWS by using AWS Control Tower. The company is using AWS Organizations, AWS Config, and AWS Trusted Advisor. The company has a specific OU for development accounts that developers use to experiment on AWS. The company has hundreds of developers, and each developer has an individual development account. The company wants to optimize costs in these development accounts. Amazon EC2 instances and Amazon RDS instances in these accounts must be burstable. The company wants to disallow the use of other services that are not relevant. What should a solutions architect recommend to meet these requirements?
Options
A. Create a custom SCP in AWS Organizations to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the SCP to the development OU.
B. Create a custom detective control (guardrail) in AWS Control Tower. Configure the control (guardrail) to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the control (guardrail) to the development OU.
C. Create a custom preventive control (guardrail) in AWS Control Tower. Configure the control (guardrail) to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the control (guardrail) to the development OU.
D. Create an AWS Config rule in the AWS Control Tower account. Configure the AWS Config rule to allow the deployment of only burstable instances and to disallow services that are not relevant. Deploy the AWS Config rule to the development OU by using AWS CloudFormation StackSets.
Answer
A
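Explanation
Correct answer: A
Correct option: A. Create a custom SCP in AWS Organizations to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the SCP to the development OU.
Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, check each option against the qualifiers in the question stem, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics covered by this question include: EC2, RDS, Organi...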