1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Associate
  5. SAA-C03 Discussions
  6. SAA-C03 Exam Topic 11 Question 107 Discussion

Amazon Web Services AWS Certified Solutions Architect - Associate (SAA-C03) SAA-C03 Question # 107 Topic 11 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Solutions Architect - Associate (SAA-C03) SAA-C03 Question # 107 Topic 11 Discussion

SAA-C03 Exam Topic 11 Question 107 Discussion:
Question #: 107
Topic #: 11

Question:

A company uses AWS Organizations to manage multiple AWS accounts. Each department in the company has its own AWS account. A security team needs to implement centralized governance and control to enforce security best practices across all accounts. The team wants to have control over which AWS services each account can use. The team needs to restrict access to sensitive resources based on IP addresses or geographic regions. The root user must be protected with multi-factor authentication (MFA) across all accounts.

Options:
A.

Use AWS Identity and Access Management (IAM) to manage IAM users and IAM roles in each account. Implement MFA for the root user in each account. Enforce service restrictions by using AWS managed prefix lists.

B.

Use AWS Control Tower to establish a multi-account environment. Use service control policies (SCPs) to enforce service restrictions in AWS Organizations. Configure MFA for the root user across all accounts.

C.

Use AWS Systems Manager to enforce service restrictions across multiple accounts. Use IAM policies to enforce MFA for the root user across all accounts.

D.

Use AWS IAM Identity Center to manage user access and to enforce service restrictions by using permissions boundaries in each account.

Get Premium SAA-C03 Questions
Actual exam question for Amazon Web Services SAA-C03 exam by Aspen2171 at Oct 10, 2025, 5:33:22 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next