For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice AWS Solutions Architect Professional (SAP-C02)AWS Solutions Architect Professional SAP-C02 Practice Exam 1Question 02

Medium1 markMultiple Choice

Domain 1.2: Security ControlsSecurityOrganizationsSCP

AWS SAP-C02 · Question 02 · Domain 1.2: Security Controls

A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can disable AWS CloudTrail in any member account, even if they have AdministratorAccess. How can this be achieved?

Answer options:

A.

Create an IAM permissions boundary and attach it to all users and roles.

B.

Apply a Service Control Policy (SCP) to the organization root that denies the cloudtrail:StopLogging action.

C.

Use AWS Config rules to automatically restart CloudTrail if it is stopped.

D.

Enable CloudTrail Organization trails, which cannot be disabled by member accounts.

How to approach this question

Look for the mechanism that provides centralized, preventative guardrails across an organization.

Full Answer

B.Apply a Service Control Policy (SCP) to the organization root that denies the cloudtrail:StopLogging action.✓ Correct

SCPs are used to set preventative guardrails across all accounts in an AWS Organization.

Common mistakes

Confusing SCPs with IAM policies or boundaries.

Question 01 All questions Question 03

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard Q06A development team wants to implement a CI/CD pipeline that deploys an application to Amazon ECS....Medium

View all 75 questions →