ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS DevOps Engineer Professional All Questions

View all questions & answers for the AWS DevOps Engineer Professional exam
Go to Exam

Exam AWS DevOps Engineer Professional topic 1 question 191 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 191
Topic #: 1
[All AWS DevOps Engineer Professional Questions]

A company is reviewing its IAM policies. One policy written by the DevOps engineer has been flagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduction over the weekend. The current policy is:



What changes should the engineer make to achieve a policy of least permission? (Choose three.)

  • A. Add the following conditional expression:

  • B. Change “Resource”: “*” to “Resource”: “arn:aws:ec2:*:*:instance/*”
  • C. Add the following conditional expression:

  • D. Add the following conditional expression:
  • E. Change “Action”: “ec2:*” to “Action”: “ec2:StopInstances”
  • F. Add the following conditional expression:
Show Suggested Answer Hide Answer
Suggested Answer: BDE 🗳️
by ds50421 at March 1, 2023, 2:57 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
easytoo
2 years ago
BEF for me.
upvoted 2 times
...
ParagSanyashiv
2 years ago
Selected Answer: BDE
BDE is correct answer.
upvoted 2 times
...
bgc1
2 years, 2 months ago
Selected Answer: BDE
Option F is made up :-) B - restrict actions to resources of ec2 type D - limit actions to ec2s with tag NonProduction E - only allow stop instance action
upvoted 4 times
...
SHoKMaSTeR
2 years, 2 months ago
Selected Answer: BDE
B. In EC2, select the resource type (instance) arn:partition:service:region:account-id:resource-type/resource-id D. The known tag value E. Do not use wildcard action
upvoted 3 times
...
saeidp
2 years, 2 months ago
Selected Answer: BDE
Based on JDB333 comment F cannot be right In this case only B D E are left
upvoted 3 times
...
saeidp
2 years, 2 months ago
Selected Answer: DEF
I initially selected B E F wrongly. It was a typo
upvoted 1 times
...
JDB333
2 years, 2 months ago
Selected Answer: BDE
aws:datetime:friday doesn't exist so F cannot be right.
upvoted 4 times
Mark1000
2 years, 2 months ago
You are right, I correct -> BDE
upvoted 1 times
...
...
Eah1
2 years, 2 months ago
Selected Answer: BDE
Going with BDE
upvoted 3 times
...
Mark1000
2 years, 2 months ago
DEF A --> Trust relationships (not policy) B and C make no sense
upvoted 1 times
Mark1000
2 years, 2 months ago
Correction -> BDE
upvoted 2 times
...
...
awsgeek
2 years, 2 months ago
DEF https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2-start-stop-tags.html
upvoted 1 times
...
SS2023
2 years, 2 months ago
Selected Answer: DEF
DEF looks good to me.
upvoted 1 times
...
catboy
2 years, 2 months ago
I select DEF
upvoted 1 times
...
saeidp
2 years, 2 months ago
Selected Answer: BEF
I go with B E F
upvoted 1 times
saeidp
2 years, 2 months ago
sorry D E F. Typo in my answere
upvoted 1 times
...
...
CloudFloater
2 years, 2 months ago
Selected Answer: DEF
ABC does not meet requirement
upvoted 2 times
...
ds50421
2 years, 2 months ago
Selected Answer: BDF
BDF is my answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago