A company is running its workloads in a single AWS Region and uses AWS Organizations. A security engineer must implement a solution to prevent users from launching resources in other Regions. Which solution will meet these requirements with the LEAST operational overhead? A. Create an IAM policy that has an aws:RequestedRegion condition that allows actions only in the designated Region. Attach the policy to all users. B. Create an IAM policy that has an aws:RequestedRegion condition that denies actions that are not in the designated Region. Attach the policy to the AWS account in AWS Organizations. C. Create an IAM policy that has an aws:RequestedRegion condition that allows the desired actions. Attach the policy only to the users who are in the designated Region. D. Create an SCP that has an aws:RequestedRegion condition that denies actions that are not in the designated Region. Attach the SCP to the AWS account in AWS Organizations.  Suggested Answer: D Community Answer: D This question is in SCS-C01 AWS Certified Security – Specialty Exam For getting AWS Certified Security – Specialty Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.
Please login or Register to submit your answer