Question 1 · Design Secure Architectures
A multinational corporation wants to implement centralized access management for multiple AWS accounts while enforcing consistent security policies. What is the most comprehensive approach to achieve this?
- Use AWS Organizations with Service Control Policies (SCPs)
- Create individual IAM users in each account
- Use AWS IAM Identity Center for manual policy management
- Implement separate security groups for each account
Correct answer: Use AWS Organizations with Service Control Policies (SCPs)
AWS Organizations with Service Control Policies (SCPs) provides centralized governance across multiple AWS accounts, allowing you to create and apply policies that apply to all accounts in the organization. This approach ensures consistent security controls and access restrictions across the entire AWS environment.





