SAP-C02 • Mock Exam 85
Free SAP-C02 mock exam — 25 questions with explanations. Set 85. No signup required.
A global e-commerce company uses AWS Organizations with over 500 accounts. They have a central security account that aggregates CloudTrail logs and VPC Flow Logs from all accounts. The security team needs to analyze these logs using Amazon Athena and visualize the results in Amazon QuickSight. The logs are stored in an S3 bucket in the security account, and each member account writes its own prefix. The current setup uses a bucket policy to allow member accounts to write logs. Recently, the security team has been unable to query logs for the past week. They suspect the issue is related to a new SCP that was applied to the root. The SCP denies s3:PutObject unless the request includes a specific tag. Which action should the security team take to restore log delivery without compromising security?