Summer Special Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: vce65

A company hosts a security auditing application in an AWS account.

  1. Home
  2. Amazon Web Services
  3. AWS Certified Professional
  4. DOP-C02
  5. DOP-C02 Questions
  6. AWS Certified DevOps Engineer - Professional Practice Questions

A company hosts a security auditing application in an AWS account. The auditing application uses an IAM role to access other AWS accounts. All the accounts are in the same organization in AWS Organizations.

A recent security audit revealed that users in the audited AWS accounts could modify or delete the auditing application's IAM role. The company needs to prevent any modification to the auditing application's IAM role by any entity other than a trusted administrator IAM role.

Which solution will meet these requirements?

A.

Create an SCP that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the SCP to the root of the organization.

B.

Create an SCP that includes an Allow statement for changes to the auditing application's IAM role by the trusted administrator IAM role. Include a Deny statement for changes by all other IAM principals. Attach the SCP to the IAM service in each AWS account where the auditing application has an IAM role.

C.

Create an IAM permissions boundary that includes a Deny statement for changes to the auditing application's IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the permissions boundary to the audited AWS accounts.

D.

Create an IAM permissions boundary that includes a Deny statement for changes to the auditing application’s IAM role. Include a condition that allows the trusted administrator IAM role to make changes. Attach the permissions boundary to the auditing application's IAM role in the AWS accounts.

Amazon Web Services DOP-C02 View All Questions

Amazon Web Services DOP-C02 Summary

  • Vendor: Amazon Web Services
  • Product: DOP-C02
  • Update on: Aug 1, 2025
  • Questions: 322
Price: $52.5  $149.99
Buy Now DOP-C02 PDF + Testing Engine Pack
Next
A DevOps engineer used an AWS Cloud Formation custom resource to set up AD Connector.
A company hired a penetration tester to simulate an internal security breach The tester performed...
Previous

Payments We Accept

Your purchase with ExamsVCE is safe and fast. Your products will be available for immediate download after your payment has been received.
The ExamsVCE website is protected by 256-bit SSL from McAfee, the leader in online security.

examsvce payment method

Contact Us

Copyright © 2013-2025 examsvce.com. All Rights Reserved
mcafee secure

TESTED 05 Aug 2025