Practice free →
HomeAWS DevOps Procloudcomputingdopsecurity › Which AWS feature lets a DevOps engineer apply p…

Which AWS feature lets a DevOps engineer apply preventive guardrails across an entire AWS Organization — e.g. 'no IAM users can create access keys without MFA'?

AService Control Policies (SCPs) attached at the OU level
BPer-account IAM policies copied manually
CCloudTrail-only auditing without preventive control
DAsking developers nicely
Answer & Solution
Correct answer: A. Service Control Policies (SCPs) attached at the OU level
SCPs are the preventive org-wide guardrail (per DOP-C02 §6.1). Per-account IAM doesn't enforce org-wide; CloudTrail is reactive; trust is not a control.
Solve this in the app — AWS DevOps Pro practice & 24k+ MCQs →
Related questions