New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 2 Question 43 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 43
Topic #: 2
[All SCS-C02 Questions]

A healthcare company has multiple AWS accounts in an organization in AWS Organizations. The company uses Amazon S3 buckets to store sensitive information of patients. The company needs to restrict users from deleting any S3 bucket across the organization.

What is the MOST scalable solution that meets these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Vonda at Mar 24, 2025, 08:49 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Reita
2 months ago
S3 bucket policies could work too, but not as scalable.
upvoted 0 times
...
Denna
2 months ago
If I recall correctly, SCPs are designed for this kind of organization-wide control, so I’m leaning towards option D.
upvoted 0 times
...
Rosenda
2 months ago
I practiced a similar question about restricting actions in AWS, and I think permissions boundaries could be relevant, but I'm not confident they apply here.
upvoted 0 times
...
Antonio
2 months ago
I'm not entirely sure, but I feel like S3 bucket policies might be more specific to individual buckets rather than scalable across an organization.
upvoted 0 times
...
Sabrina
3 months ago
Wait, can you really use SCPs to prevent deletions?
upvoted 0 times
...
Felton
3 months ago
I think SCPs are the way to go for this.
upvoted 0 times
...
Elizabeth
3 months ago
Permissions boundaries? Nah, not for this scenario.
upvoted 0 times
...
Floyd
3 months ago
Definitely agree, SCPs can enforce policies across accounts.
upvoted 0 times
...
Fernanda
3 months ago
I remember studying about SCPs in AWS Organizations, and I think they can help enforce policies across multiple accounts.
upvoted 0 times
...
Rebbeca
4 months ago
I'm confident the answer is SCPs. That's the most scalable way to enforce organization-wide policies and restrictions, like preventing bucket deletions across all accounts. The other options might work, but SCPs are probably the best fit for this scenario.
upvoted 0 times
...
Nana
4 months ago
Okay, let's think this through. We need to restrict users from deleting S3 buckets across the entire organization, so the solution needs to be scalable. I'm leaning towards SCPs or permissions boundaries, as those seem like the most robust options for managing access at the organizational level.
upvoted 0 times
...
Olive
4 months ago
Hmm, I'm a bit unsure about this one. I know S3 bucket policies can restrict bucket-level actions, but I'm not sure if that would be the most scalable solution for an organization-wide requirement. Maybe SCPs or permissions boundaries would be better?
upvoted 0 times
...
Erick
4 months ago
This looks like a straightforward IAM question. I think the answer is probably permissions boundaries or SCPs, as those are the most scalable solutions for managing access across an organization.
upvoted 0 times
...
Chu
4 months ago
Okay, I think I've got this. The key here is that the company needs to restrict users from deleting any S3 bucket across the entire organization, which means a centralized, scalable solution is required. I'm confident that SCPs would be the most appropriate choice to meet these requirements.
upvoted 0 times
...
Elbert
5 months ago
Ah, this looks like a classic AWS security and governance question. Based on the requirements, I'm leaning towards Service Control Policies (SCPs) as the most scalable solution. SCPs can be applied at the organizational level to enforce restrictions across all accounts.
upvoted 0 times
...
Selma
5 months ago
Hmm, this is a tricky one. I'm not entirely sure about the differences between the options provided. I'll need to review my notes on AWS Organizations and the various access control mechanisms to figure out the best approach.
upvoted 0 times
...
Marci
5 months ago
I think this question is testing our understanding of AWS Organizations and the different ways to control access and permissions across multiple accounts. I'm considering the options and trying to determine which one would be the most scalable solution.
upvoted 0 times
...
Pete
11 months ago
That's a good point, SCPs do provide organization-wide control. But S3 bucket policies can also be used to restrict specific actions on buckets.
upvoted 0 times
...
Sarah
11 months ago
Have you tried turning it off and on again? Just kidding! But seriously, D) SCPs are the way to go. It's like a magic 'no-delete' button for your entire AWS organization. Genius!
upvoted 0 times
Alysa
9 months ago
SCPs definitely make it easier to manage permissions and prevent accidental deletions. It's a scalable solution for sure.
upvoted 0 times
...
Freida
10 months ago
I agree, SCPs are the best option for this scenario. It's a great way to enforce restrictions across multiple AWS accounts.
upvoted 0 times
...
...
Octavio
11 months ago
D) SCPs, baby! It's like having a personal bodyguard for your S3 buckets. No more 'Oops, I deleted the entire company's sensitive data' moments. Boom, problem solved!
upvoted 0 times
Melynda
10 months ago
D) SCPs
upvoted 0 times
...
Brynn
10 months ago
C) Tag policies
upvoted 0 times
...
Chan
10 months ago
B) S3 bucket policies
upvoted 0 times
...
Lai
10 months ago
A) Permissions boundaries in AWS Identity and Access Management (IAM)
upvoted 0 times
...
...
Luis
11 months ago
A) Permissions boundaries? Pfft, that's so last year. D) SCPs are where it's at - simple, scalable, and you can even use them to block access to the snack machine, if you're feeling extra sassy.
upvoted 0 times
...
Hoa
11 months ago
I disagree, I believe the answer is D) SCPs because they can be applied at the organization level.
upvoted 0 times
...
Lanie
11 months ago
I dunno, B) S3 bucket policies sound like a lot of work. Who's got time for that when you can just let D) SCPs do the heavy lifting?
upvoted 0 times
...
Delbert
11 months ago
D) SCPs all the way! Deleting buckets across multiple accounts? That's like trying to herd cats, but with SCPs, you can wrangle those felines like a pro!
upvoted 0 times
James
10 months ago
D) SCPs
upvoted 0 times
...
Ahmad
10 months ago
B) S3 bucket policies
upvoted 0 times
...
Ligia
11 months ago
A) Permissions boundaries in AWS Identity and Access Management (IAM)
upvoted 0 times
...
...
Pete
11 months ago
I think the answer is B) S3 bucket policies.
upvoted 0 times
...

Save Cancel