🔥 3-day streak
AWS Certified Security - Specialty125 / 157
Question 125 of 157
A security engineer is designing the service control policy (SCP) strategy for a newly created AWS Organization with all features enabled. The compliance team requires that member accounts be permitted to use only Amazon S3, Amazon EC2, and AWS CloudTrail — every other AWS service must be blocked, and this restriction should apply even to new services AWS launches in the future. The engineer wants the simplest, most maintainable approach that will not require editing the policy each time AWS releases a new service. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question