DOP-C02 · Question #295
DOP-C02 Question #295: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #295. The question stem and answer options stay visible for context.
Question
A company uses AWS Organizations to manage its AWS accounts. The organization root has a child OU that is named Department. The Department OU has a child OU that is named Engineering. The default FullAWSAccess policy is attached to the root, the Department OU, and the Engineering OU. The company has many AWS accounts in the Engineering OU. Each account has an administrative IAM role with the AdministratorAccess IAM policy attached. The default FullAWSAccessPolicy is also attached to each account. A DevOps engineer plans to remove the FullAWSAccess policy from the Department OU. The DevOps engineer will replace the policy with a policy that contains an Allow statement for all Amazon EC2 API operations. What will happen to the permissions of the administrative 1AM roles as a result of this change?
Options
- AAll API actions on all resources will be allowed.
- BAll API actions on EC2 resources will be allowed. All other API actions will be denied.
- CAll API actions on all resources will be denied.
- DAll API actions on EC2 resources will be denied. All other API actions will be allowed.
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.