AWS Certified Security – Specialty (SCS-C02) — Question 55

A security engineer is using AWS Organizations and wants to optimize SCPs. The security engineer needs to ensure that the SCPs conform to best practices.
Which approach should the security engineer take to meet this requirement?

Answer options

• A. Use AWS IAM Access Analyzer to analyze the polices. View the findings from policy validation checks.
• B. Review AWS Trusted Advisor checks for all accounts in the organization.
• C. Set up AWS Audit Manager. Run an assessment for all AWS Regions for all accounts.
• D. Ensure that Amazon Inspector agents are installed on all Amazon EC2 instances in all accounts.

Correct answer: A

Explanation

The correct answer is A because AWS IAM Access Analyzer provides insights into the security policies and ensures they follow best practices by highlighting potential issues. Options B, C, and D do not specifically focus on optimizing SCPs or validating their adherence to best practices, making them less suitable for this requirement.