SCS-C02 · Question #130
SCS-C02 Question #130: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #130. The question stem and answer options stay visible for context.
Question
A company has an organization with SCPs in AWS Organizations. The root SCP for the organization is as follows: The company's developers are members of a group that has an IAM policy that allows access to Amazon Simple Email Service (Amazon SES) by allowing ses:* actions. The account is a child to an OU that has an SCP that allows Amazon SES. The developers are receiving a not-authorized error when they try to access Amazon SES through the AWS Management Console. Which change must a security engineer implement so that the developers can access Amazon SES?
Options
- AAdd a resource policy that allows each member of the group to access Amazon SES.
- BAdd a resource policy that allows "Principal": {"AWS": "arn:aws:iam::account-number:group/Dev"}.
- CRemove the AWS Control Tower control (guardrail) that restricts access to Amazon SES.
- DRemove Amazon SES from the root SCP.
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.