ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 106 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 106
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses AWS CodeCommit for source code control. Developers apply their changes to various feature branches and create pull requests to move those changes to the main branch when the changes are ready for production.

The developers should not be able to push changes directly to the main branch. The company applied the AWSCodeCommitPowerUser managed policy to the developers’ IAM role, and now these developers can push changes to the main branch directly on every repository in the AWS account.

What should the company do to restrict the developers’ ability to push changes to the main branch directly?

  • A. Create an additional policy to include a Deny rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the main branch.
  • B. Remove the IAM policy, and add an AWSCodeCommitReadOnly managed policy. Add an Allow rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.
  • C. Modify the IAM policy. Include a Deny rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.
  • D. Create an additional policy to include an Allow rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the feature branches.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by devnv at May 14, 2023, 12:16 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Just_Ninja
Highly Voted 1 year, 11 months ago
Selected Answer: A
A is possible! If you think C is correct, then you should know that a policy managed by AWS cannot be modified.
upvoted 15 times
...
jamesf
Most Recent 10 months, 4 weeks ago
Selected Answer: A
Not C as AWS managed policy cannot be modified
upvoted 1 times
...
zijo
1 year ago
Selected Answer: A
AWS Managed Policies are read-only, meaning you cannot modify their contents. If you need a similar policy with slight modifications, you can copy the managed policy and create a customer-managed policy.
upvoted 2 times
...
dkp
1 year, 2 months ago
Selected Answer: A
it s A.
upvoted 1 times
...
thanhnv142
1 year, 4 months ago
Selected Answer: A
A is correct: <The developers should not be able to push changes directly to the main branch> means we should deny these permissions in IAM policy. <managed polic> means we should add another policy, not modify this one. B: <Remove the IAM policy>: this is an managed policy, cannot remove it C: Cannot modify a managed policy. We can only create another policy D: This option would deny commiting code to every sub-branches, which is not correct
upvoted 3 times
...
giovanna_mag
1 year, 6 months ago
Selected Answer: A
A, AWS managed policy cannot be modified, additional policy must be attached with a DENY
upvoted 3 times
...
Blueee
1 year, 12 months ago
Selected Answer: A
A is correct
upvoted 1 times
...
rhinozD
2 years ago
Selected Answer: A
AWSCodeCommitPowerUser is an AWS-managed policy. So you need to add an additional policy to deny push to the main branch directly.
upvoted 3 times
...
Kodoma
2 years, 1 month ago
A is correct
upvoted 1 times
...
Ryan1002
2 years, 1 month ago
Selected Answer: A
It`s A
upvoted 2 times
...
PhuocT
2 years, 1 month ago
Selected Answer: C
C, why we need to create an additional policy?
upvoted 2 times
EricZhang
2 years, 1 month ago
You can never modify a managed policy
upvoted 5 times
...
...
devnv
2 years, 1 month ago
A is correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel