Difficulty: Medium · 1 mark · Multiple Choice
Tags: Domain 1.2: Security Controls · Control Tower · Security · S3

AWS SAP-C02 · Question 06 · Domain 1.2: Security Controls

An organization uses AWS Control Tower to manage its multi-account environment. They need to ensure that Amazon S3 Public Access is blocked across all accounts, and any non-compliant buckets are automatically remediated. Which combination of services provides the BEST solution?

Answer options:

A. Deploy a custom AWS Lambda function in each account triggered by EventBridge to modify S3 bucket policies.

B. Enable the AWS Control Tower strongly recommended guardrail for S3 Public Access block.

C. Use AWS Systems Manager Patch Manager to run a script that blocks public access.

D. Configure Amazon Macie to automatically delete public S3 buckets.

How to approach this question

Leverage native Control Tower features for multi-account governance.

Full Answer

B. Enable the AWS Control Tower strongly recommended guardrail for S3 Public Access block. ✓ Correct
AWS Control Tower provides preventive and detective guardrails. The S3 Block Public Access guardrail is a standard feature that enforces this requirement organization-wide.

Common mistakes

Over-engineering with custom Lambda functions when a managed guardrail exists.

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2
