ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 37 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 37
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has multiple member accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization.
Which combination of access changes will meet these requirements? (Choose three.)

  • A. Create a trust relationship that allows users in the member accounts to assume the management account IAM role.
  • B. Create a trust relationship that allows users in the management account to assume the IAM roles of the member accounts.
  • C. Create an IAM role in each member account that has access to the AmazonEC2ReadOnlyAccess managed policy.
  • D. Create an I AM role in each member account to allow the sts:AssumeRole action against the management account IAM role's ARN.
  • E. Create an I AM role in the management account that allows the sts:AssumeRole action against the member account IAM role's ARN.
  • F. Create an IAM role in the management account that has access to the AmazonEC2ReadOnlyAccess managed policy.
Show Suggested Answer Hide Answer
Suggested Answer: BCE 🗳️
by alce2020 at April 16, 2023, 3:54 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tartarus23
Highly Voted 1 year, 6 months ago
Selected Answer: BCE
Explanation: (B) The trust relationship enables an IAM entity (user, group, or role) to assume a role. In this case, the entities in the management account need to assume roles in the member accounts. (C) The IAM role in each member account should have a policy attached that grants read-only access to EC2 instances. The AmazonEC2ReadOnlyAccess managed policy provides this access. (E) An IAM role in the management account should be created that has the permission to perform the sts:AssumeRole action against the member account IAM role's ARN. This allows entities assuming this role to switch to the roles in the member accounts and perform actions according to the permissions of those roles.
upvoted 9 times
...
thanhnv142
Most Recent 11 months ago
BCE are correct: B: create trust relationship for management to assume role in member accounts C: create role in member account that has access to AmazoneEC2 E: Create IAM role in management account that allow access to member account IAM role
upvoted 4 times
...
svjl
1 year, 1 month ago
The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization. ReadOnlyAccess and option B grant the assumeRole Besides that the correct resource is "IAM" not "I AM" So BCF is correct
upvoted 1 times
...
RVivek
1 year, 4 months ago
Selected Answer: BCE
B- Member accounts should trust Management account C- Memeber accounts should have a Role athat has the necessary permission E- Managment account should have a IAM user account that has stsAssume role permission for the roles created in member accounts
upvoted 1 times
...
incorrigble_maverick
1 year, 4 months ago
BCE is wrong. They want to programmatically therefore B is definitenly wrong. The Lambda function IAM Role ARN in the management account needs to be able to assume a role in the member account that has the AmazonEC2ReadOnlyAccess attached to it. Therefore, I will go with C, D, E
upvoted 2 times
zain1258
1 year, 1 month ago
D is clearly wrong. You are running your lambda function to get details in management account. The IAM role should be in management account with sts:AssumeRole permission to assume IAM roles in member accounts
upvoted 1 times
...
...
DavidPham
1 year, 5 months ago
BCE correct
upvoted 1 times
...
madperro
1 year, 6 months ago
Selected Answer: BCE
BCE is right.
upvoted 1 times
...
bcx
1 year, 7 months ago
B, C and E
upvoted 1 times
...
PhuocT
1 year, 7 months ago
Selected Answer: BCE
B, C and E
upvoted 2 times
...
2pk
1 year, 7 months ago
Selected Answer: ACE
A:By creating a trust relationship that allows users in the member accounts to assume the IAM role in the management account, they will have the necessary permissions to access resources and retrieve the required information. C:To grant the necessary permissions for retrieving information about EC2 security groups, an IAM role should be created in each member account. This role should have the AmazonEC2ReadOnlyAccess managed policy attached, which provides the required permissions. E:In the management account, an IAM role should be created that allows assuming the IAM role in the member accounts. This role should have the necessary permissions to perform the sts:AssumeRole action against the ARN of the IAM roles in the member accounts.
upvoted 2 times
...
ele
1 year, 7 months ago
Selected Answer: BCE
BCE will create correct cross account permission
upvoted 1 times
...
vherman
1 year, 7 months ago
Selected Answer: ACD
acd looks good)
upvoted 1 times
...
marcoforexam
1 year, 8 months ago
Selected Answer: ACD
ACE I guess https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
upvoted 1 times
...
haazybanj
1 year, 8 months ago
Selected Answer: BCE
Correct answer
upvoted 1 times
...
alce2020
1 year, 8 months ago
Selected Answer: BCE
Ill go with BCF
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel