A company uses AWS Organizations to manage multiple AWS accounts. Corporate policy mandates that only specific AWS Regions can be used to store and process customer data. A SysOps administrator must prevent the provisioning of Amazon EC2 instances in unauthorized Regions by anyone in the company. What is the MOST operationally efficient solution that meets these requirements?

A. Configure AWS CloudTrail in all Regions to record all API activity. Create an Amazon EventBridge (Amazon CloudWatch Events) rule in all unauthorized Regions for ec2:RunInstances events. Use AWS Lambda to terminate the launched EC2 instances.

B. In each AWS account, create a managed IAM policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to all IAM groups in each AWS account.

C. In each AWS account, create an IAM permissions boundary policy that uses a Region condition to deny the ec2:RunInstances action in all unauthorized Regions. Attach the permissions boundary policy to all IAM users in each AWS account.

D. Create a service control policy (SCP) in AWS Organizations to deny the ec2:RunInstances action in all unauthorized Regions. Attach this policy to the root level of the organization.

Correct Answer: D

This question is in SOA-C02 exam For getting AWS Certified SysOps Administrator - Associate