DOP-C02 · Question #293
DOP-C02 Question #293: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #293. The question stem and answer options stay visible for context.
Question
A company uses an organization in AWS Organizations that a security team and a DevOps team manage. Both teams access the accounts by using AWS IAM Identity Center. A dedicated group has been created for each team. The DevOps team's group has been assigned a permission set named DevOps. The permission set has the AdministratorAccess managed IAM policy attached. The permission set has been applied to all accounts in the organization. The security team wants to ensure that the DevOps team does not have access to IAM Identity Center in the organization's management account. The security team has attached the following SCP to the organization root: After implementing the policy, the security team discovers that the DevOps team can still access IAM Identity Center. Which solution will fix the problem?
Options
- AIn the organization's management account, create a new OU. Move the organization's
- BIn the organization's management account, update the SCP condition reference to the ARN of the
- CIn IAM Identity Center, create a new permission set. Ensure that the assigned policy has full
- DIn IAM Identity Center, update the DevOps permission set. Ensure that the assigned policy has
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.