Amazon Exam DOP-C01 Topic 20 Question 70 Discussion

Actual exam question for Amazon's DOP-C01 exam

Question #: 70
Topic #: 20

A company's legacy application uses IAM user credentials to access resources in the company's AWS Organizations organization. A DevOps engineer needs to ensure new IAM users cannot be created unless the employee creating the IAM user is on an exception list.

Which solution will meet these requirements?

AAttach an Organizations SCP with an explicit deny for all iam:CreateAccessKey actions with a condition that excludes StringNotEquals for aws:username with a value of the exception list.

BAttach an Organizations SCP with an explicit deny for all iam:CreateUser actions with a condition that includes StringEquals for aws:username with a value of the exception list.

CCreate an Amazon EventBridge (Amazon CloudWatch Events) rule with a pattern that matches the iam:CreateAccessKey action with an AWS Lambda function target. The function will check the user name account against an exception list. If the user is not in the exception list, the function will delete the user.

DCreate an Amazon EventBridge (Amazon CloudWatch Events) rule with a pattern that matches the iam:CreateUser action with an AWS Lambda function target. The function will check the user name and account against an exception list. If the user is not in the exception list, the function will delete the user.

Show Suggested Answer

Suggested Answer: B

by Haydee at Feb 06, 2023, 11:51 AM

Limited Time Offer

25%

Off

Get Premium DOP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!