Crucial Exams

AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question

Your company manages about 80 AWS accounts that are organized under a single AWS Organizations hierarchy. Until a pending security review is finished, the compliance team forbids the use of Amazon MQ in any account, but developers must continue using all other approved services without interruption. The CloudOps team needs a centrally managed, preventative control that applies automatically to new and existing accounts with minimal ongoing maintenance. Which solution meets these requirements MOST effectively?

  • Attach a service control policy to the organization (or OU) that explicitly denies all mq:* actions for every principal.

  • Require every IAM role in all accounts to use a permission boundary that excludes mq:* actions.

  • Enable a CloudTrail trail in each account and use an EventBridge rule to trigger a Lambda function that deletes any newly created Amazon MQ resources.

  • Create an organization-wide AWS Config rule that flags the creation of Amazon MQ brokers as non-compliant.

AWS Certified CloudOps Engineer Associate SOA-C03
Security and Compliance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot