SAP 练习题 SCP OU
A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:
✑ Consolidate all accounts into one organization.
✑ Allow full access to the Amazon EC2 service from the master account and the secondary accounts.
✑ Minimize the effort required to add additional secondary accounts.
Which combination of steps should be included in the solution? (Choose two.)
✑ Consolidate all accounts into one organization.
✑ Allow full access to the Amazon EC2 service from the master account and the secondary accounts.
✑ Minimize the effort required to add additional secondary accounts.
Which combination of steps should be included in the solution? (Choose two.)
- A. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
- B. Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.
- C. Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.
- D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU.
- E. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.
选AD 还是 AE 好,D中scp只划定可能最大权限,实际还是要看iam?
你的回答