1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Professional
  5. SAP-C02 Discussions
  6. SAP-C02 Exam Topic 3 Question 28 Discussion

Amazon Web Services AWS Certified Solutions Architect - Professional SAP-C02 Question # 28 Topic 3 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Solutions Architect - Professional SAP-C02 Question # 28 Topic 3 Discussion

SAP-C02 Exam Topic 3 Question 28 Discussion:
Question #: 28
Topic #: 3

A company manages hundreds of AWS accounts centrally in an organization in AWS Organizations. The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs not on the internet.

What is the MOST operationally efficient way to enforce this requirement?
A.

Set the S3 access point resource policy to deny the s3 CreateAccessPoint action unless the s3: AccessPointNetworkOngm condition key evaluates to VPC.

B.

Create an SCP at the root level in the organization to deny the s3 CreateAccessPoint action unless the s3 AccessPomtNetworkOngin condition key evaluates to VPC.

C.

Use AWS CloudFormation StackSets to create a new 1AM policy in each AVVS account that allows the s3: CreateAccessPoint action only if the s3 AccessPointNetworkOrigin condition key evaluates to VPC.

D.

Set the S3 bucket policy to deny the s3: CreateAccessPoint action unless the s3AccessPointNetworkOrigin condition key evaluates to VPC.

Get Premium SAP-C02 Questions
Actual exam question for Amazon Web Services SAP-C02 exam by Orion2616 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next