ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS DevOps Engineer Professional All Questions

View all questions & answers for the AWS DevOps Engineer Professional exam
Go to Exam

Exam AWS DevOps Engineer Professional topic 1 question 65 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 65
Topic #: 1
[All AWS DevOps Engineer Professional Questions]

A company has multiple child accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the child accounts using an AWS Lambda function in the management account of the organization.
Which combination of access changes will meet these requirements? (Choose three.)

  • A. Create a trust relationship that allows users in the child accounts to assume the management account IAM role.
  • B. Create a trust relationship that allows users in the management account to assume the IAM roles of the child accounts.
  • C. Create an IAM role in each child account that has access to the AmazonEC2ReadOnlyAccess managed policy.
  • D. Create an IAM role in each child account to allow the sts:AssumeRole action against the management account IAM role's ARN.
  • E. Create an IAM role in the management account that allows the sts:AssumeRole action against the child account IAM role's ARN.
  • F. Create an IAM role in the management account that has access to the AmazonEC2ReadOnlyAccess managed policy.
Show Suggested Answer Hide Answer
Suggested Answer: BCE 🗳️
by helloworldabc at Sept. 5, 2022, 9:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sasa33_p
2 years, 2 months ago
Selected Answer: BCE
BCE is correct.
upvoted 1 times
...
asfsdfsdf
2 years, 2 months ago
Selected Answer: BCE
BCE - no other correct answers
upvoted 1 times
...
saeidp
2 years, 2 months ago
Selected Answer: BCE
BCE is the best answer.
upvoted 2 times
...
BelloMio
2 years, 2 months ago
BCE. Think of Control Tower, we have the AWSControlTowerExecution role. C - This role has to be present in every single child account. It will have the permissions needed to perform the required actions B - This role has a trust relationship to the management account users. In the E - We have AWSControlTowerAdmin role in the management account that has sts assumerole on the child accounts AWSControlTowerExecution roles
upvoted 1 times
...
Piccaso
2 years, 3 months ago
Selected Answer: BEF
The other three, ACD, look undoable.
upvoted 1 times
...
Bulti
2 years, 3 months ago
BCE are the correct answers.
upvoted 2 times
...
Goozian
2 years, 7 months ago
Selected Answer: BCE
watch this AWS Video; well explained => https://www.youtube.com/watch?v=20tr9gUY4i0
upvoted 3 times
...
ohcn
2 years, 8 months ago
BCE make sense.
upvoted 1 times
...
SamHan
2 years, 8 months ago
Selected Answer: BCE
Ans: BCE
upvoted 1 times
...
helloworldabc
2 years, 8 months ago
B,C,EEEEE
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago