AWS Certified Solutions Architect – Associate (SAA-C03) — Question 842

A company creates dedicated AWS accounts in AWS Organizations for its business units. Recently, an important notification was sent to the root user email address of a business unit account instead of the assigned account owner. The company wants to ensure that all future notifications can be sent to different employees based on the notification categories of billing, operations, or security.

Which solution will meet these requirements MOST securely?

Answer options

• A. Configure each AWS account to use a single email address that the company manages. Ensure that all account owners can access the email account to receive notifications. Configure alternate contacts for each AWS account with corresponding distribution lists for the billing team, the security team, and the operations team for each business unit.
• B. Configure each AWS account to use a different email distribution list for each business unit that the company manages. Configure each distribution list with administrator email addresses that can respond to alerts. Configure alternate contacts for each AWS account with corresponding distribution lists for the billing team, the security team, and the operations team for each business unit.
• C. Configure each AWS account root user email address to be the individual company managed email address of one person from each business unit. Configure alternate contacts for each AWS account with corresponding distribution lists for the billing team, the security team, and the operations team for each business unit.
• D. Configure each AWS account root user to use email aliases that go to a centralized mailbox. Configure alternate contacts for each account by using a single business managed email distribution list each for the billing team, the security team, and the operations team.

Correct answer: D

Explanation

Option D is the most secure and administratively efficient solution because routing root user emails via aliases to a centralized, highly restricted mailbox protects root access while ensuring critical account-level notifications are not missed. Using centralized, business-managed distribution lists for billing, security, and operations alternate contacts ensures that notifications are reliably sent to the correct teams as personnel change. Other options either increase security risks by sharing root mailbox access among too many users or create high administrative overhead by managing individual root email assignments.