AWS Certified Cloud Practitioner — Question 598
A company wants to implement controls (guardrails) in a newly created AWS Control Tower landing zone.
Which AWS services or features can the company use to create and define these controls (guardrails)? (Choose two.)
Answer options
- A. AWS Config
- B. Service control policies (SCPs)
- C. Amazon GuardDuty
- D. AWS Identity and Access Management (IAM)
- E. Security groups
Correct answer: B, D
Explanation
Service control policies (SCPs) are used in AWS Control Tower to implement preventive guardrails that block unauthorized actions across accounts. AWS Identity and Access Management (IAM) is utilized to define and enforce the specific access controls and permissions that align with these landing zone guardrails. Other options like Amazon GuardDuty and security groups focus on threat detection and network-level security rather than defining landing zone administrative controls.