A company using AWS Organizations requires that no Amazon S3 buckets in its production accounts should ever be deleted. What is the SIMPLEST approach the SysOps Administrator can take to ensure S3 buckets in those accounts can never be deleted?
A) Set up MFA Delete on all the S3 buckets to prevent the buckets from being ddeleted.
B) Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts. Use service control policies to deny the s3:DeleteBucket action on all buckets in production accounts.
C) Create an IAM group that has an IAM policy to deny the s3:DeleteBucket action on all buckets in production accounts. Create an IAM group that has an IAM policy to deny the
D) Use AWS Shield to deny the s3:DeleteBucket action on the AWS account instead of all S3 buckets. Use AWS Shield to deny the action on the AWS account instead of all S3 buckets.
Correct Answer:
Verified
Q933: A company monitors its account activity using
Q934: A SysOps Administrator is in the process
Q935: A company has an application running on
Q936: A SysOps Administrator is running an automatically
Q937: A SysOps Administrator needs an Amazon EBS
Q939: An Application performs read-heavy operations on an
Q940: A Chief Financial Officer has asked for
Q941: A SysOps administrator is implementing automated I/O
Q942: A SysOps Administrator created an AWS CloudFormation
Q943: A company uses many Amazon Elastic Block
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents