A Security Engineer manages AWS Organizations for a company. The Engineer would like to restrict AWS usage to allow Amazon S3 only in one of the organizational units (OUs) . The Engineer adds the following SCP to the OU: 
The next day, API calls to AWS IAM appear in AWS CloudTrail logs in an account under that OU. How should the Security Engineer resolve this issue?
A) Move the account to a new OU and deny IAM:* permissions.
B) Add a Deny policy for all non-S3 services at the account level.
C) Change the policy to: 
D) Detach the default FullAWSAccess SCP.
Correct Answer:
Verified
Q85: For compliance reasons, a Security Engineer must
Q86: A company has an encrypted Amazon S3
Q87: An Application team has requested a new
Q88: A Security Administrator is restricting the capabilities
Q89: A company's Developers plan to migrate their
Q91: A company has decided to migrate sensitive
Q92: A Development team has built an experimental
Q93: A company became aware that one of
Q94: An Amazon EC2 instance is denied access
Q95: A Security Engineer signed in to the
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents