🔥 3-day streak
AWS Certified Security - Specialty144 / 184
Question 144 of 184
A company uses AWS Organizations with a nested OU structure. The root has an SCP attached that allows all actions (FullAWSAccess). A top-level "Production" OU has an SCP that denies use of all AWS services except EC2, S3, and CloudWatch. A nested "WebApp" OU under Production has an SCP that explicitly allows RDS and EC2. An account in the WebApp OU has an IAM administrator user attempting to launch an RDS database instance. What is the effective result, and why?
Reviewed for accuracy · Report an issueNext question