AWS Certified SysOps Administrator – Associate (legacy) — Question 849

A Big Data consulting company wants to separate its customers' workloads for billing and security reasons. The company would like to maintain billing and security controls on these workloads.
According to best practices, how can the workloads be separated if no shared resources are needed?

Answer options

• A. Require each customer to create their own account. Contact AWS Support to receive a consolidated bill.
• B. Create customer accounts within AWS Organizations specifying consolidated billing features.
• C. Create a separate VPC for each customer. Use security groups to isolate traffic.
• D. Dedicate an AWS Region to each customer. Ensure that each entry in Amazon Route 53 is unique.

Correct answer: C

Explanation

Isolating workloads by creating a distinct VPC for each customer ensures strong network-level segregation, and using security groups allows precise control over incoming and outgoing traffic. This method enables the consulting company to retain direct billing and security oversight over all workloads within a single administrative boundary. Other options, such as using separate AWS Regions or forcing customers to manage their own accounts, introduce unnecessary complexity and reduce the company's centralized control.