Answer-first summary for fast verification
Answer: Implement data residency guardrails in AWS Control Tower., Establish service control policies in AWS Organizations to prevent VPC internet access.
Option A is correct because AWS Control Tower allows you to implement data residency guardrails to ensure that resources are only deployed in the ap-northeast-3 region, and it can also restrict internet access. Option C is correct because AWS Organizations can be used to create service control policies (SCPs) that prevent VPCs from gaining internet access and also restrict usage to the ap-northeast-3 region. These solutions directly address the compliance requirements to limit usage to the specified region and prevent internet connectivity for VPCs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company plans to migrate its data center to AWS with strict compliance requirements: usage limited to the ap-northeast-3 Region and prohibition of VPC internet connectivity. Identify two solutions that satisfy these constraints.
A
Implement data residency guardrails in AWS Control Tower.
B
Configure AWS WAF rules and account settings to restrict internet access.
C
Establish service control policies in AWS Organizations to prevent VPC internet access.
D
Set network ACL outbound rules to block traffic and IAM policies to restrict region access.
E
Utilize AWS Config managed rules for monitoring compliance with region and internet access policies.
No comments yet.