AmazonAmazon
DOP-C02 · Question #235
DOP-C02 Question #235: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #235. The question stem and answer options stay visible for context.
Submitted by mike_84· Mar 6, 2026Security & Compliance
Question
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company needs an automated process across all AWS accounts to isolate any compromised Amazon EC2 instances when the instances receive a specific tag. Which combination of steps will meet these requirements? (Choose two.)
Options
- AUse AWS CloudFormation StackSets to deploy the CloudFormation stacks in all AWS accounts.
- BCreate an SCP that has a Deny statement for the ec2:* action with a condition of
- CAttach the SCP to the root of the organization.
- DCreate an AWS CloudFormation template that creates an EC2 instance role that has no IAM
- ECreate an AWS CloudFormation template that creates an EC2 instance role that has no IAM
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#AWS Organizations#CloudFormation StackSets#EC2 instance isolation#IAM roles