Skip to Content

Amazon CLF-C02: Which design principle is best practice using AWS Organizations to configure accounts?

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

Table of Contents

Question

A company is using AWS Organizations to configure AWS accounts. Which design principle is a best practice for the company to implement?

A. Organize accounts based on security and operational needs.
B. Assign multiple sets of related workloads to each production account.
C. Deploy workloads to the organization’s management account.
D. Combine production workloads and non-production workloads.

Answer

A. Organize accounts based on security and operational needs.

Explanation

The correct answer is A. Organize accounts based on security and operational needs.

This is a best practice because it allows the company to:

  • Isolate different workloads and environments, which can help to improve security and compliance.
  • Delegate permissions to different teams and individuals, which can help to improve operational efficiency.
  • Track costs and usage more easily.
  • Simplify disaster recovery and business continuity planning.

The other options are not best practices because they can lead to security and compliance risks, operational inefficiencies, and financial challenges.

Here is a more detailed explanation of each option:

  • A. Organize accounts based on security and operational needs: This is the best practice because it allows the company to isolate different workloads and environments, which can help to improve security and compliance. For example, the company could create separate accounts for production, development, and testing workloads. This would help to prevent unauthorized access to sensitive data and ensure that different environments are not accidentally interconnected.
  • B. Assign multiple sets of related workloads to each production account: This is not a best practice because it can lead to operational inefficiencies. For example, if a production account has multiple sets of related workloads, it can be difficult to manage and track costs. It can also be difficult to troubleshoot problems if they occur.
  • C. Deploy workloads to the organization’s management account: This is not a best practice because it can lead to security risks. The management account is a privileged account that should only be used for administrative tasks. Deploying workloads to the management account could give unauthorized users access to sensitive data.
  • D. Combine production workloads and non-production workloads: This is not a best practice because it can lead to compliance risks. Production workloads should be isolated from non-production workloads to prevent sensitive data from being exposed.

Which design principle is best practice using AWS Organizations to configure accounts?

Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earn Amazon AWS Certified Cloud Practitioner CLF-C02 certification.