Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DOP-C02 Topic 9 Question 21 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 21
Topic #: 9
[All DOP-C02 Questions]

A company is reviewing its 1AM policies. One policy written by the DevOps engineer has been (lagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduccion over the weekend. The current policy is:

What changes should the engineer make to achieve a policy ot least permission? (Select THREE.)

A.

B.

C.

D.

E.

F.

Show Suggested Answer Hide Answer
Suggested Answer: A, B, D

The engineer should make the following changes to achieve a policy of least permission:

A:Add a condition to ensure that the principal making the request is an AWS Lambda function. This ensures that only Lambda functions can execute this policy.

B:Narrow down the resources by specifying the ARN of EC2 instances instead of allowing all resources. This ensures that the policy only affects EC2 instances.

D:Add a condition to ensure that this policy only applies to EC2 instances tagged with ''Environment: NonProduction''. This ensures that production environments are not affected by this policy.


AWS Identity and Access Management (IAM) - AWS Documentation

Certified DevOps Engineer - Professional (DOP-C02) Study Guide(page 179)

by Alease at Apr 12, 2024, 08:02 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Viva
10 months ago
Exactly, we need to limit the actions the Lambda function can perform.
upvoted 0 times
...
Roslyn
10 months ago
Yes, that would restrict access and make it more secure.
upvoted 0 times
...
Major
10 months ago
I think adding conditions to the policy would definitely help.
upvoted 0 times
...
Viva
10 months ago
I believe options A, C, and D could help achieve a least privilege policy.
upvoted 0 times
...
Roslyn
10 months ago
I agree, we need to make it more secure.
upvoted 0 times
...
Major
11 months ago
I think the current policy is too permissive.
upvoted 0 times
...
Antonio
11 months ago
Yes, limiting the action to only what is necessary is a best practice in security policies.
upvoted 0 times
...
Shoshana
11 months ago
I also believe changing the Action from 'ec2:StopInstances' to 'ec2:StopInstances' would be a good move.
upvoted 0 times
...
Denae
11 months ago
I agree, that would definitely reduce the permissions and make it more secure.
upvoted 0 times
...
Antonio
11 months ago
I think the engineer should remove the unnecessary resource star in the resource section.
upvoted 0 times
...
Pamella
1 years ago
Haha, imagine if the policy was even more permissive - like 'Stop all instances, even the production ones!' That would be a real disaster waiting to happen. But yeah, B, D, and F sound like a good way to go here.
upvoted 0 times
...
Amie
1 years ago
Alright, let's do this! I'm feeling good about A, C, and E. Gotta keep those permissions locked down tight, you know?
upvoted 0 times
...
Arthur
1 years ago
Yeah, this is a tricky one. We need to find the right balance between security and functionality. I'm leaning towards B, D, and E - that should give us the least permissive policy while still allowing the necessary actions.
upvoted 0 times
...
Willard
1 years ago
I agree, this policy is way too open. Restricting the actions to only the necessary ones makes a lot of sense. I'd also add option C to the mix - we don't want to accidentally stop any production instances.
upvoted 0 times
...
Carey
1 years ago
Haha, yeah these IAM policy questions can be like a puzzle. I'm going with A, B, and D - seems like the most restrictive approach.
upvoted 0 times
Frankie
11 months ago
F: So, A, C, and D could be the best combination then.
upvoted 0 times
...
Dustin
12 months ago
E: I agree, C might provide additional security measures.
upvoted 0 times
...
Owen
12 months ago
D: Maybe C could be useful too, along with A and D.
upvoted 0 times
...
Cassi
12 months ago
C: Yeah, A and D seem necessary for tightening the policy.
upvoted 0 times
...
Shaunna
12 months ago
B: I'm not sure about B, but A and D are definitely important.
upvoted 0 times
...
Helaine
12 months ago
A: I think A, B, and D is a good choice.
upvoted 0 times
...
...
Lyla
1 years ago
Ooh, this is a good one. I'm leaning towards A, B, and F. Gotta love these IAM policy questions, they really make you think!
upvoted 0 times
...
Ronald
1 years ago
Hmm, this policy seems pretty permissive. We definitely need to tighten it up to achieve least privilege. I'm thinking we should go with options B, D, and F.
upvoted 0 times
...
Zena
1 years ago
Hmm, let me take a closer look at the options. I think A, B, and E are the best choices here to achieve least permission.
upvoted 0 times
Grover
11 months ago
I agree, those options seem to be the best for achieving least permission.
upvoted 0 times
...
Aretha
11 months ago
I think we should choose options A, B, and E.
upvoted 0 times
...
...
Lashaunda
1 years ago
I agree, the current policy is way too permissive. We need to really lock it down and only allow the bare minimum required permissions.
upvoted 0 times
...
Luz
1 years ago
This is a tricky question, but I think the key is to minimize the permissions as much as possible. The current policy seems quite broad, so we'll need to tighten it up.
upvoted 0 times
...

Save Cancel