ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 145 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 145
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company manages multiple AWS accounts in AWS Organizations. The company’s security policy states that AWS account root user credentials for member accounts must not be used. The company monitors access to the root user credentials.

A recent alert shows that the root user in a member account launched an Amazon EC2 instance. A DevOps engineer must create an SCP at the organization's root level that will prevent the root user in member accounts from making any AWS service API calls.

Which SCP will meet these requirements?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by tom_cat at Nov. 24, 2023, 8 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tom_cat
Highly Voted 1 year, 5 months ago
Selected Answer: C
I believe it should be C https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#bp_member-acct_use-scp
upvoted 8 times
...
thanhnv142
Highly Voted 1 year, 2 months ago
Selected Answer: C
C is correct: < will prevent the root user in member accounts> this means deny action A and D: irrelevant (mention allow statement) B: scp does not have principal element. only condition
upvoted 7 times
...
Gomer
Most Recent 10 months, 1 week ago
Selected Answer: C
A slightly more consise version of "C" is a "strongly recommended" control to deny root access in member accounts. See the example: https://docs.aws.amazon.com/controltower/latest/controlreference/strongly-recommended-controls.html#disallow-root-auser-actions
upvoted 1 times
...
c3518fc
1 year ago
Selected Answer: C
https://docs.aws.amazon.com/organizations/latest/userguide/best-practices_member-acct.html#bp_member-acct_use-scp
upvoted 1 times
...
DanShone
1 year, 1 month ago
Selected Answer: C
C is correct
upvoted 1 times
...
[Removed]
1 year, 2 months ago
Selected Answer: C
C no debate
upvoted 2 times
...
manman7
1 year, 4 months ago
It's C, based on the documentation : https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html#example-scp-root-user
upvoted 4 times
...
zain1258
1 year, 5 months ago
Selected Answer: C
C looks correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago