SOA-C03 · Question #109
SOA-C03 Question #109: Real Exam Question with Answer & Explanation
Sign in or unlock SOA-C03 to reveal the answer and full explanation for question #109. The question stem and answer options stay visible for context.
Question
A company has multiple AWS accounts. A CloudOps engineer uses a sandbox account to create and verify IAM policies for use in a production account. The CloudOps engineer uses AWS CloudFormation to deploy policies to the sandbox account for testing. When tests pass, the CloudOps engineer deploys the policies to production. The CloudOps engineer has configured AWS CloudTrail in both the sandbox account and the production account. The CloudOps engineer wants to detect any changes to the IAM policies after the policies have been deployed by CloudFormation. The CloudOps engineer must receive notifications for any changes to the policies. Which solution will meet these requirements with the LEAST administrative effort?
Options
- AConfigure CloudTrail to send email notifications to the CloudOps engineer when CloudTrail
- BCreate an Amazon EventBridge rule to invoke an AWS Lambda function to check the
- CUse AWS Identity and Access Management Access Analyzer to generate a policy based on
- DStore the IAM policies as a JSON document in an Amazon S3 bucket. Use an AWS Lambda
Unlock SOA-C03 to see the answer
You've previewed enough free SOA-C03 questions. Unlock SOA-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.