DOP-C02 · Question #366
DOP-C02 Question #366: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #366. The question stem and answer options stay visible for context.
Question
A company uses an organization in AWS Organizations to manage multiple AWS accounts in a hierarchical structure. An SCP that is associated with the organization root allows IAM users to be created. A DevOps team must be able to create IAM users with any level of permissions. Developers must also be able to create IAM users. However, developers must not be able to grant new IAM users excessive permissions. The developers have the CreateAndManageUsers role in each account. The DevOps team must be able to prevent other users from creating IAM users. Which combination of steps will meet these requirements? (Choose two.)
Options
- ACreate an SCP in the organization to deny users the ability to create and modify IAM users.
- BCreate an SCP in the organization to grant users that have the DeveloperBoundary policy
- CCreate an IAM permissions policy named PermissionBoundaries within each account. Configure
- DCreate an IAM permissions policy named PermissionBoundaries within each account. Configure
- ECreate an IAM permissions policy named DeveloperBoundary within each account. Configure the
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.