Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DOP-C01 Topic 2 Question 89 Discussion

Actual exam question for Amazon's DOP-C01 exam
Question #: 89
Topic #: 2
[All DOP-C01 Questions]

An application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). A DevOps engineer is using AWS CodeDeploy to release a new version. The deployment fails during the AllowTraffic lifecycle event, but a cause for the failure is not indicated in the deployment logs.

What would cause this?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Edna at Apr 09, 2024, 05:53 AM

Limited Time Offer

25%

Off

Get Premium DOP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Samira
11 months ago
I see your points, but I think option C might work too by using Amazon EventBridge for monitoring and enforcement.
upvoted 0 times
...
Stefania
11 months ago
I disagree, I believe option A is better as it specifically denies the creation of access keys, which is more aligned with the requirement.
upvoted 0 times
...
Maryann
11 months ago
I think option B is the answer because it explicitly denies IAM user creation for those not on the exception list.
upvoted 0 times
...
Odette
11 months ago
That's a good point, but option C) might also work by using Lambda functions to check the exception list before creating a new user.
upvoted 0 times
...
Viola
11 months ago
I prefer option A) as well, it seems more straightforward and easier to implement.
upvoted 0 times
...
Truman
12 months ago
I disagree, I believe option A) is better because it focuses on denying access key creation which is more critical for security.
upvoted 0 times
...
Odette
1 years ago
I think option B) would be the best solution, it explicitly denies creating new IAM users based on the exception list.
upvoted 0 times
...
Chuck
1 years ago
That's a good point. Option A does seem like the most reliable and straightforward solution. It's also more preventative than the EventBridge approach, which could still allow some unauthorized users to be created before they're deleted.
upvoted 0 times
...
Pok
1 years ago
Can we just agree that any solution involving deleting users after the fact is a terrible idea? That's like trying to catch a speeding bullet with your bare hands.
upvoted 0 times
Pete
1 years ago
F: Absolutely, it's all about setting up the right policies from the start to avoid unnecessary cleanup tasks later on.
upvoted 0 times
...
Ronald
1 years ago
E: B) Attach an Organizations SCP with an explicit deny for all iam:CreateUser actions with a condition that includes StringEquals for aws:username with a value of the exception list.
upvoted 0 times
...
Chantell
1 years ago
D: That makes sense, preventing the issue before it occurs is definitely the way to go.
upvoted 0 times
...
Kiley
1 years ago
C: A) Attach an Organizations SCP with an explicit deny for all iam:CreateAccessKey actions with a condition that excludes StringNotEquals for aws:username with a value of the exception list.
upvoted 0 times
...
Phuong
1 years ago
B: I agree, proactively blocking the creation of unauthorized users is much better than constantly having to cleanup after the fact.
upvoted 0 times
...
Cecily
1 years ago
A: B) Attach an Organizations SCP with an explicit deny for all iam:CreateUser actions with a condition that includes StringEquals for aws:username with a value of the exception list.
upvoted 0 times
...
...
Dorsey
1 years ago
I think Option A is the way to go. By using an SCP with a condition that excludes the exception list, we can effectively block the iam:CreateAccessKey action for all non-authorized users. This way, we don't have to worry about race conditions or other potential issues.
upvoted 0 times
...
Becky
1 years ago
I don't know, guys. Wouldn't Option B be simpler since we only need to worry about creating new users, not access keys? Plus, it's more direct - no need for fancy EventBridge rules or Lambda functions.
upvoted 0 times
Moira
12 months ago
In that case, maybe Option A would be more comprehensive. It covers both creating users and access keys.
upvoted 0 times
...
Florinda
12 months ago
I see your point, but what if we also want to prevent creation of access keys for unauthorized users?
upvoted 0 times
...
Pearlene
1 years ago
Option B sounds good to me. We should just deny creating new users for those not in the exception list.
upvoted 0 times
...
...
Dick
1 years ago
I agree, this is a complex scenario. We need to make sure the solution not only meets the requirements but also doesn't introduce any unintended consequences.
upvoted 0 times
...
Dottie
1 years ago
This question is a bit tricky. We need to carefully consider the requirements and the options provided to find the best solution.
upvoted 0 times
...
Norah
1 years ago
Yeah, those options are way too complicated. Why go through all that trouble when you can just use an SCP to explicitly deny the actions you don't want? I vote for Option A.
upvoted 0 times
...
Tasia
1 years ago
Ha! I like how Option C and D try to be sneaky and delete the user after they've been created. Talk about a band-aid on a bullet wound!
upvoted 0 times
...
Mertie
1 years ago
I'm not so sure about that. Option B only denies the CreateUser action, but we also need to prevent new access keys from being created. I think Option A might be a better solution since it covers both CreateUser and CreateAccessKey.
upvoted 0 times
...
Lashon
1 years ago
This question seems pretty straightforward. I think Option B is the best answer here - we need to deny IAM users from being created unless they're on an exception list, and that's exactly what this option does.
upvoted 0 times
...

Save Cancel