SOA-C02 · Question #689
Question
A company has its accounts in an organization in AWS Organizations. The company deploys its first service control policy (SCP) to an organizational unit (OU). The SCP denies the iam:CreateUser action. Only the newly created SCP is attached to the OU. After deployment of the SCP, users in the OU who assume a developer IAM role can no longer launch Amazon EC2 instances. Which action should a SysOps administrator take to resolve this issue?
Options
- A. Add a permissions boundary to the developer IAM role to explicitly allow the ec2:RunInstances
- B. Update the SCP to include an additional statement that allows all actions on all resources.
- C. Update the SCP to include an additional statement that allows the ec2:RunInstances action.
- D. Update the SCP by changing the denied iam:CreateUser action to iam:Create*.