Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 303 discussion

A company recently configured AWS Control Tower in its organization in AWS Organizations. The company enrolled all existing AWS accounts in AWS Control Tower. The company wants to ensure that all new AWS accounts are automatically enrolled in AWS Control Tower.

The company has an existing AWS Step Functions workflow that creates new AWS accounts and performs any actions required as part of account creation. The Step Functions workflow is defined in the same AWS account as AWS Control Tower.

Which combination of steps should the company add to the Step Functions workflow to meet these requirements? (Choose two.)

  • A. Create an Amazon EventBridge event that has an aws.controltower source and a CreateManagedAccount detail-type. Add the details of the new AWS account to the detail field of the event.
  • B. Create an Amazon EventBridge event that has an aws.controltower source and a SetupLandingZone detail-type. Add the details of the new AWS account to the detail field of the event.
  • C. Create an AWSControlTowerExecution role in the new AWS account. Configure the role to allow the AWS Control Tower administrator account to assume the role.
  • D. Call the AWS Service Catalog ProvisionProduct API operation with the details of the new AWS account.
  • E. Call the Organizations EnableAWSServiceAccess API operation with the controltower.amazonaws.com service name and the details of the new AWS account.
Suggested Answer: CD

Comments

teo2157
2 weeks, 6 days ago
Selected Answer: CE
Agree with CE based on the blog that CHRIS1272222 provided.
upvoted 1 times
...
youonebe
1 month, 1 week ago
Selected Answer: CE
C - AWS Control Tower requires the AWSControlTowerExecution role to be created in each managed account. This role allows AWS Control Tower to manage the account and enforce governance and compliance rules. When a new account is created, AWS Control Tower will need this role to carry out management tasks.

E - The EnableAWSServiceAccess API operation is used to enable AWS Control Tower service access in AWS Organizations. This action ensures that AWS Control Tower can operate across the organization and manage new accounts that are created within the organization. By enabling service access for Control Tower, new accounts can be automatically enrolled in the governance and management processes of Control Tower.
upvoted 1 times
...
CHRIS12722222
1 month, 1 week ago
Selected Answer: CD
Read the blog: https://aws.amazon.com/blogs/architecture/field-notes-enroll-existing-aws-accounts-into-aws-control-tower/

Download the Python code and you will see it calls the ProvisionProduct API in method provision_sc_product.
upvoted 3 times
...
Ky_24
1 month, 3 weeks ago
Selected Answer: CD
Option Details:

1. C. Create an AWSControlTowerExecution role:
  • AWS Control Tower requires an AWSControlTowerExecution role in new accounts.
  • This role allows AWS Control Tower to assume control of the account and apply the necessary guardrails, policies, and configurations.
  • Without this role, AWS Control Tower cannot manage the account.
2. D. Call the AWS Service Catalog ProvisionProduct API operation:
  • Account Factory uses AWS Service Catalog to create and enroll new accounts into AWS Control Tower.
  • The ProvisionProduct API operation allows programmatic provisioning of new accounts through Account Factory, ensuring enrollment into Control Tower governance.
upvoted 3 times
...
f4b18ba
2 months, 3 weeks ago
Answer: CD (had a typo)
upvoted 2 times
...
f4b18ba
2 months, 3 weeks ago
Answer: CE

AWSControlTowerExecution Role (Option C): For AWS Control Tower to manage accounts, each account must have the AWSControlTowerExecution role, which allows the AWS Control Tower administrator account to assume the role and apply required policies and controls. Creating this role in the new account enables Control Tower to perform management operations as needed.

Service Catalog ProvisionProduct API (Option D): AWS Control Tower uses AWS Service Catalog products to provision and manage accounts. Calling the ProvisionProduct API operation as part of the Step Functions workflow allows the new account to be enrolled in Control Tower by provisioning it through the appropriate Service Catalog product. This step ensures that the new account is enrolled in the AWS Control Tower landing zone.
upvoted 3 times
...