
DOP-C02 · Question #233

DOP-C02 Question #233: Real Exam Question with Answer & Explanation

The correct answer is B: In Organizations, create an SCP that denies source IP addresses that are outside of the. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-

Submitted by omar99 · Mar 6, 2026 · Security and Compliance

Question

A company operates sensitive workloads across the AWS accounts that are in the company's organization in AWS Organizations. The company uses an IP address range to delegate IP addresses for Amazon VPC CIDR blocks and all non-cloud hardware. The company needs a solution that prevents principals that are outside the company's IP address range from performing AWS actions in the organization's accounts. Which solution will meet these requirements?

Options

  • A. Configure AWS Firewall Manager for the organization. Create an AWS Network Firewall policy
  • B. In Organizations, create an SCP that denies source IP addresses that are outside of the
  • C. Configure Amazon GuardDuty for the organization. Create a GuardDuty trusted IP address list for
  • D. In Organizations, create an SCP that allows source IP addresses that are inside of the company's

Explanation

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_deny-

Topics

#AWS Organizations SCPs · #IP-based access control · #Security perimeter · #aws:SourceIp
