1. Right Answer: C
Explanation: As an administrator of the master account of an organization, you can restrict which AWS(Amazon Web Service) services and individual API actions the users and roles in each member account can access. This restriction even overrides the administrators of member accounts in the organization. When AWS(Amazon Web Service) Organizations blocks access to a service or API action for a member account, a user or role in that account can't access any prohibited service or API action, even if an administrator of a member account explicitly grants such permissions in an IAM policy. Organization permissions overrule account permissions. Option B is invalid because service policies cannot be assigned to the root account at the account level. Option C and D are invalid because IAM policies alone at the account level would not be able to suffice the requirement For more information on attaching an IAM policy to a group, please visit the below URL https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy.html
2. Right Answer: A
Explanation:
3. Right Answer: A
Explanation: This is given in the AWS(Amazon Web Service) Documentation as an example rule in AWS(Amazon Web Service) Config Option A is invalid because AWS(Amazon Web Service) Inspector cannot be used to scan all buckets Option C and D are invalid because Cloudwatch cannot be used to check for logging enablement for buckets. For more information on Config Rules please see the below link https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html
4. Right Answer: A
Explanation: This is mentioned clearly as a use case for S3 cross-region replication You might configure cross-region replication on a bucket for various reasons, including the following: Compliance requirements ' Although, by default, Amazon S3 stores your data across multiple geographically distant Availability Zones, compliance requirements might dictate that you store data at even further distances. Cross-region replication allows you to replicate data between distant AWS(Amazon Web Service) Regions to satisfy these compliance requirements. Option A is invalid because Multi-AZ cannot be used to S3 buckets Option B is invalid because copying it to an EBS volume is not a recommended practice Option C is invalid because creating snapshots is not possible in S3 For more information on S3 cross-region replication, please visit the following url https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html
5. Right Answer: C
Explanation:
Write a public review