A company is in the process of implementing AWS Organizations to constrain its developers to use only Amazon EC2, Amazon S3, and Amazon DynamoDB. The Developers account resides in a dedicated organizational unit (OU) . The Solutions Architect has implemented the following SCP on the Developers account: 
When this policy is deployed, IAM users in the Developers account are still able to use AWS services that are not listed in the policy. What should the Solutions Architect do to eliminate the Developers' ability to use services outside the scope of this policy?
A) Create an explicit deny statement for each AWS service that should be constrained.
B) Remove the FullAWSAccess SCP from the Developer account's OU.
C) Modify the FullAWSAccess SCP to explicitly deny all services.
D) Add an explicit deny statement using a wildcard to the end of the SCP.
Correct Answer:
Verified
Q653: A software as a service (SaaS) company
Q654: An enterprise company's data science team wants
Q655: A company is developing a new service
Q656: A company has an application that runs
Q657: A company has been using a third-party
Q659: A large company with hundreds of AWS
Q660: A media company has a static web
Q661: A company has several Amazon EC2 instances
Q662: A company hosts a game player-matching service
Q663: A company has a single AWS master
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents