Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 184 discussion

A DevOps engineer is implementing governance controls for a company that requires its infrastructure to be housed within the United States. The engineer must restrict which AWS Regions can be used, and ensure an alert is sent as soon as possible if any activity outside the governance policy takes place. The controls should be automatically enabled on any new Region outside the United States (US).

Which combination of actions will meet these requirements? (Choose two.)

  • A. Create an AWS Organizations SCP that denies access to all non-global services in non-US Regions. Attach the policy to the root of the organization.
  • B. Configure AWS CloudTrail to send logs to Amazon CloudWatch Logs and enable it for all Regions. Use a CloudWatch Logs metric filter to send an alert on any service activity in non-US Regions.
  • C. Use an AWS Lambda function that checks for AWS service activity and deploy it to all Regions. Write an Amazon EventBridge rule that runs the Lambda function every hour, sending an alert if activity is found in a non-US Region.
  • D. Use an AWS Lambda function to query Amazon Inspector to look for service activity in non-US Regions and send alerts if any activity is found.
  • E. Write an SCP using the aws:RequestedRegion condition key limiting access to US Regions. Apply the policy to all users, groups, and roles.
Suggested Answer: AB
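The two suggested controls, sketched as an added example (not part of the original question or any commenter's post): an SCP that denies non-global actions when aws:RequestedRegion is outside an allowlist, and a CloudWatch Logs metric filter pattern that matches CloudTrail records from any other Region. Because both are written as "not in the US list", a newly launched Region is covered without changes. The Region list, the exempted global services, the Sid and all function names are assumptions for illustration.

```python
import fnmatch
import json

# Assumption: the four commercial US Regions; adjust for your organization.
US_REGIONS = ["us-east-1", "us-east-2", "us-west-1", "us-west-2"]
# Assumption: illustrative, incomplete subset of global services to exempt.
GLOBAL_ACTIONS = ["iam:*", "organizations:*", "route53:*", "cloudfront:*",
                  "sts:*", "support:*"]


def build_scp(regions=US_REGIONS, exempt=GLOBAL_ACTIONS):
    """SCP for option A: deny non-global actions outside the allowed Regions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyOutsideUS",
            "Effect": "Deny",
            "NotAction": list(exempt),
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": list(regions)}},
        }],
    }


def build_metric_filter(regions=US_REGIONS):
    """CloudWatch Logs JSON filter pattern for option B: any non-US awsRegion."""
    return "{ " + " && ".join(f'($.awsRegion != "{r}")' for r in regions) + " }"


def scp_denies(scp, action, region):
    """Local approximation of how the Deny statement evaluates one request."""
    stmt = scp["Statement"][0]
    exempt = any(fnmatch.fnmatch(action.lower(), p.lower()) for p in stmt["NotAction"])
    allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
    return not exempt and region not in allowed


if __name__ == "__main__":
    print(json.dumps(build_scp(), indent=2))   # attach at the organization root
    print(build_metric_filter())               # use on the all-Regions trail's log group
    print(scp_denies(build_scp(), "ec2:RunInstances", "eu-west-1"))
```
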

Comments

kiwtirApp
5 months, 1 week ago
Selected Answer: AB
Option A suggests creating an AWS Organizations SCP that denies access to all non-global services in non-US Regions. This is a valid approach. Option B recommends configuring AWS CloudTrail to send logs to Amazon CloudWatch Logs and enabling it for all Regions.
upvoted 2 times
...
seetpt
5 months, 3 weeks ago
Selected Answer: AB
AB for me
upvoted 1 times
...
dkp
6 months, 2 weeks ago
Selected Answer: AB
A & B are the correct answers
upvoted 2 times
...
DanShone
7 months, 2 weeks ago
Selected Answer: AB
A - SCP to restrict B - CloudTrail to monitor
upvoted 4 times
...
thanhnv142
8 months, 2 weeks ago
Selected Answer: AB
A and B are correct: SCP to restrict and AWS CloudTrail to monitor.
C: Lambda cannot check AWS service activity.
D: AWS Inspector has nothing to do here.
E: <Apply the policy to all users, groups, and roles>: cannot assign an SCP to all users, groups and roles.
upvoted 4 times
kiwtirApp
5 months, 1 week ago
Your logic for SCP not applying to users, groups and roles is incorrect. SCP can be applied to users and roles. Groups will therefore be indirectly affected.
upvoted 1 times
...
...
twogyt
9 months, 2 weeks ago
Selected Answer: AB
It's A and B
upvoted 2 times
...
d262e67
10 months ago
Selected Answer: AB
A & B are correct.
upvoted 2 times
...
Alagong
10 months ago
Selected Answer: AB
A & B Correct https://www.examtopics.com/discussions/amazon/view/47872-exam-aws-devops-engineer-professional-topic-1-question-260/
upvoted 2 times
...
csG13
10 months ago
Selected Answer: AB
It's A & B
upvoted 2 times
...
PrasannaBalaji
10 months ago
Selected Answer: BC
B & C correct
upvoted 2 times
...