AmazonAmazon
DOP-C02 · Question #461
DOP-C02 Question #461: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #461. The question stem and answer options stay visible for context.
Submitted by cyberguy42· Mar 6, 2026Security and Compliance
Question
A company uses AWS Organizations, AWS Control Tower, AWS Config, and Terraform to manage its AWS accounts and resources. The company must ensure that users deploy only AWS Lambda functions that are connected to a VPC in member AWS accounts. Which solution will meet these requirements with the LEAST operational effort?
Options
- AConfigure AWS Control Tower to use proactive controls (guardrails). Enable optional controls
- BCreate a new SCP that checks the lambda:VpcIds condition key for allowed values.
- CCreate a custom AWS Config rule to detect non-VPC-connected Lambda functions.
- DCreate a new SCP with a conditional statement that denies Lambda creation if lambda:VpcIds is
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#AWS Control Tower#SCPs#Lambda#VPC integration