🔥 3-day streak
AWS Certified Security - Specialty126 / 157
Question 126 of 157
A security team manages an AWS Organizations structure with an OU named 'Workloads' containing 40 member accounts. Leadership wants to guarantee that no EC2 instance can ever be launched across these accounts unless it requires IMDSv2 (instance metadata service version 2), regardless of what IAM permissions individual account administrators grant. The solution must be preventive, apply org-wide, and not depend on any per-account IAM configuration or detective remediation. What should the team implement?
Reviewed for accuracy · Report an issueNext question