SAP-C02 第 364 题
题目
A company is managing many AWS accounts by using an organization in AWS Organizations. Different business units in the company run applications on Amazon EC2 instances. All the EC2 instances must have a BusinessUnit tag so that the company can track the cost for each business unit. A recent audit revealed that some instances were missing this tag. The company manually added the missing tag to the instances. What should a solutions architect do to enforce the tagging requirement in the future?
中文翻译:
一家公司通过使用 AWS Organizations 中的组织来管理许多 AWS 账户。公司中的不同业务部门在 Amazon EC2 实例上运行应用程序。所有 EC2 实例都必须具有 BusinessUnit 标签,以便公司可以跟踪每个业务部门的成本。最近的审计显示,某些实例缺少此标签。该公司手动将丢失的标签添加到实例中。解决方案架构师应该做什么来强制执行未来的标记要求?
选项
A. Enable tag policies in the organization. Create a tag policy for the BusinessUnit tag. Ensure that compliance with tag key capitalization is turned off. Implement the tag policy for the ec2:instance resource type. Attach the tag policy to the root of the organization.
中文翻译:
在组织中启用标签策略。为 BusinessUnit 标签创建标签策略。确保关闭标签键大写合规性。实施 ec2:instance 资源类型的标签策略。将标签策略附加到组织的根目录。
B. Enable tag policies in the organization. Create a tag policy for the BusinessUnit tag. Ensure that compliance with tag key capitalization is turned on. Implement the tag policy for the ec2:instance resource type. Attach the tag policy to the organization's management account.
中文翻译:
在组织中启用标签策略。为 BusinessUnit 标签创建标签策略。确保启用标签键大写合规性。实施 ec2:instance 资源类型的标签策略。将标签策略附加到组织的管理帐户。
C. Create an SCP and attach the SCP to the root of the organization. Include the following statement in the SCP:
中文翻译:
创建 SCP 并将 SCP 附加到组织的根目录。在 SCP 中包含以下声明:
D. Create an SCP and attach the SCP to the organization’s management account. Include the following statement in the SCP:
中文翻译:
创建 SCP 并将 SCP 附加到组织的管理帐户。在 SCP 中包含以下声明:
答案
C
解析
正确答案:C 解析: 本题应选择 C。 正确选项: C. 创建 SCP 并将 SCP 附加到组织的根目录。在 SCP 中包含以下声明: 选择理由: 该选项最直接地满足题干中的关键约束。做 SAP-C02 题目时,需要同时对照题干里的限定词,例如最高性能、最低运维开销、成本效益、可靠性、可扩展性、安全性、RTO/RPO、合规要求等。本题相关考点主要包括:EC2、Organizations。 排除思路: A、B、D 通常会在协议或服务适配、...