A solutions architect is designing a security solution for a company that wants to provide developers with individual AWS accounts through AWS Organizations, while also maintaining standard security controls. Because the individual developers will have AWS account root user-level access to their own accounts, the solutions architect wants to ensure that the mandatory AWS CloudTrail configuration that is applied to new developer accounts is not modified. Which action meets these requirements?
A) Create an IAM policy that prohibits changes to CloudTrail, and attach it to the root user.
B) Create a new trail in CloudTrail from within the developer accounts with the organization trails option enabled.
C) Create a service control policy (SCP) the prohibits changes to CloudTrail, and attach it the developer accounts.
D) Create a service-linked role for CloudTrail with a policy condition that allows changes only from an Amazon Resource Name (ARN) in the master account.
Correct Answer:
Verified
Q323: A company needs to comply with a
Q324: A company has a highly dynamic batch
Q325: A company's packaged application dynamically creates and
Q326: A solutions architect must design a solution
Q327: A company has media and application files
Q329: A company has a 10 Gbps AWS
Q330: A company is deploying a web portal.
Q331: A company uses Amazon Redshift for its
Q332: An application is running on an Amazon
Q333: A company receives inconsistent service from its
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents