Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A CloudOps engineer must ensure that IAM users can start, stop, or terminate Amazon EC2 instances only when they are signed in with multi-factor authentication (MFA). Users access the AWS Management Console and the AWS CLI from the same account. Which approach satisfies this requirement with the least operational overhead?

  • Update the account password policy to require users to configure an MFA device before they can sign in to the console or CLI.

  • Create a service control policy (SCP) in AWS Organizations that blocks ec2:* unless the request context key "aws:authType" equals "MFA".

  • Enable MFA Delete on the account's S3 buckets so that any privileged operation requires an MFA code.

  • Attach a customer-managed IAM policy to all IAM users and groups that explicitly denies ec2:* actions when the condition Bool "aws:MultiFactorAuthPresent" is "false".

AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot