A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States. The engineer must restrict which AWS Regions can be used, and ensure an alert is sent as soon as possible if any activity outside the governance policy takes place. The controls should be automatically enabled on any new Region outside the United States (US). Which combination of actions will meet these requirements? (Choose two.)

Admin Staff asked 7 months ago

A. Create an AWS Organizations SCP that denies access to all non-global services in non-US Regions. Attach the policy to the root of the organization.

B. Configure AWS CloudTrail to send logs to Amazon CloudWatch Logs and enable it for all Regions. Use a CloudWatch Logs metric filter to send an alert on any service activity in non-US Regions.

C. Use an AWS Lambda function that checks for AWS service activity and deploy it to all Regions. Write an Amazon EventBridge rule that runs the Lambda function every hour, sending an alert if activity is found in a non-US Region.

D. Use an AWS Lambda function to query Amazon Inspector to look for service activity in non-US Regions and send alerts if any activity is found.

E. Write an SCP using the aws:RequestedRegion condition key limiting access to US Regions. Apply the policy to all users, groups and roles.

Correct Answer: BD

This question is from the DOP-C01 exam for the AWS DevOps Engineer - Professional certification.
