Question 361:
An IT company has owned several AWS accounts that belong to an AWS Organization. The root account and all children accounts have configured Service Control Policies (SCPs) to help manage the organization. Recently, an IAM user in a child account needs the permissions to enable its Amazon VPC Flow Logs. Under which configurations can the user operate the VPC Flow Logs successfully? (Select TWO.)
Answer options:
A.The SCP for the root account permits enabling VPC Flow Logs. The SCP for the child account does NOT permit enabling VPC Flow Logs. The user has the IAM permission policy to enable VPC Flow Logs. B.The SCPs for both root account and the child account permit enabling VPC Flow Logs. The user has the IAM permission policy to enable VPC Flow Logs. C.The SCP for the root account permits all actions with default FullAWSAccess policy. The user does NOT have the IAM permission policy to enable VPC Flow Logs. D.The SCP for the root account permits all actions with default FullAWSAccess policy. The child account permits enabling VPC Flow Logs. The user has the IAM permission policy to enable VPC Flow Logs. E.The SCP for the root account does NOT permit enabling VPC Flow Logs. The SCP for the child account permits enabling VPC Flow Logs. The user does NOT have the IAM permission policy to enable VPC Flow Logs.