AWS Certified SysOps Administrator – Associate (legacy) — Question 99

A company wants to ensure that each department operates within their own isolated environment, and they are only able to use pre-approved services.
How can this requirement be met?

Answer options

• A. Set up an AWS Organization to create accounts for each department, and apply service control policies to control access to AWS services.
• B. Create IAM roles for each department, and set policies that grant access to specific AWS services.
• C. Use the AWS Service Catalog to create catalogs of AWS services that are approved for use by each department.
• D. Request that each department create and manage its own AWS account and the resources within it.

Correct answer: A

Explanation

The correct answer, A, is appropriate because using AWS Organizations with service control policies provides a centralized way to manage and enforce permissions across multiple accounts. Options B and C do not provide the same level of isolation and control across departments, while option D could lead to unregulated environments and management challenges.