AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

A financial-services company with an AWS Organizations hierarchy must prevent creation of any resources outside us-east-1 and us-east-2 to meet regulatory requirements. The CloudOps team wants a solution that blocks non-compliant API calls across all existing and future member accounts with the least ongoing operational effort. Which approach satisfies these requirements?

  • Attach a service control policy at the organization root that denies all actions when the aws:RequestedRegion condition is not us-east-1 or us-east-2.

  • Deploy the AWS Config managed rule that detects resources in unapproved Regions and use Systems Manager Automation to delete any that are found.

  • Create an IAM permission boundary in every account that allows actions only in the approved Regions and mandate its use for all roles.

  • Enable a multi-Region CloudTrail and configure Amazon EventBridge to invoke a Lambda function that stops or deletes resources launched in other Regions.

Security and Compliance