DOP-C02 · Question #189
DOP-C02 Question #189: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #189. The question stem and answer options stay visible for context.
Question
A company uses AWS Organizations to manage its AWS accounts. The company has a root OU that has a child OU. The root OU has an SCP that allows all actions on all resources. The child OU has an SCP that allows all actions for Amazon DynamoDB and AWS Lambda, and denies all other actions. The company has an AWS account that is named vendor-data in the child OU. A DevOps engineer has an IAM user that is attached to the Administrator Access IAM policy in the vendor- data account. The DevOps engineer attempts to launch an Amazon EC2 instance in the vendor- data account but receives an access denied error. Which change should the DevOps engineer make to launch the EC2 instance in the vendor-data account?
Options
- AAttach the AmazonEC2FullAccess IAM policy to the IAM user.
- BCreate a new SCP that allows all actions for Amazon EC2. Attach the SCP to the vendor-data
- CUpdate the SCP in the child OU to allow all actions for Amazon EC2.
- DCreate a new SCP that allows all actions for Amazon EC2. Attach the SCP to the root OU.
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.