ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 326 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 326
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses an organization in AWS Organizations to manage its 500 AWS accounts. The organization has all features enabled. The AWS accounts are in a single OU. The developers need to use the CostCenter tag key for all resources in the organization's member accounts. Some teams do not use the CostCenter tag key to tag their Amazon EC2 instances.

The cloud team wrote a script that scans all EC2 instances in the organization's member accounts. If the EC2 instances do not have a CostCenter tag key, the script will notify AWS account administrators. To avoid this notification, some developers use the CostCenter tag key with an arbitrary string in the tag value.

The cloud team needs to ensure that all EC2 instances in the organization use a CostCenter tag key with the appropriate cost center value.

Which solution will meet these requirements?

  • A. Create an SCP that prevents the creation of EC2 instances without the CostCenter tag key. Create a tag policy that requires the CostCenter tag to be values from a known list of cost centers for all EC2 instances. Attach the policy to the OU. Update the script to scan the tag keys and tag values. Modify the script to update noncompliant resources with a default approved tag value for the CostCenter tag key.
  • B. Create an SCP that prevents the creation of EC2 instances without the CostCenter tag key. Attach the policy to the OU. Update the script to scan the tag keys and tag values and notify the administrators when the tag values are not valid.
  • C. Create an SCP that prevents the creation of EC2 instances without the CostCenter tag key. Attach the policy to the OU. Create an IAM permission boundary in the organization's member accounts that restricts the CostCenter tag values to a list of valid cost centers.
  • D. Create a tag policy that requires the CostCenter tag to be values from a known list of cost centers for all EC2 instances. Attach the policy to the OU. Configure an AWS Lambda function that adds an empty CostCenter tag key to an EC2 instance. Create an Amazon EventBridge rule that matches events to the RunInstances API action with the Lambda function as the target.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by f4b18ba at Nov. 22, 2024, 9:18 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
f4b18ba
Highly Voted 5 months, 1 week ago
Selected Answer: A
Service Control Policy (SCP): Creating an SCP ensures that any attempt to create EC2 instances without the CostCenter tag key is denied right from the start. This enforces the requirement at the organizational level. Tag Policy: By creating a tag policy that enforces the CostCenter tag values to be from a known list, you can ensure that only valid cost center values are used across all EC2 instances. Script Update: Updating the script to not only scan for tag keys and values but also to update noncompliant resources with a default approved tag value ensures compliance and mitigates the issue of arbitrary string values. Comprehensive Solution: This approach addresses both the presence of the CostCenter tag and the correctness of its value, providing a comprehensive solution to the problem.
upvoted 6 times
...
Srikantha
Most Recent 4 weeks, 1 day ago
Selected Answer: A
SCP to require the CostCenter tag key: Prevents users from launching EC2 instances without the required tag. Tag policy to validate values: AWS tag policies can enforce allowed values for tag keys like CostCenter, across all accounts in an OU. Script enhancement for compliance: Script detects noncompliant resources and applies a default value, maintaining tag integrity and reducing manual intervention.
upvoted 2 times
...
Changwha
5 months, 1 week ago
Selected Answer: A
The answer is A
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago