Amazon DOP-C02 Exam - Topic 1 Question 58 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 58
Topic #: 1

A company has multiple member accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the member accounts using an AWS Lambda function in the management account of the organization.

Which combination of access changes will meet these requirements? (Choose three.)

ACreate a trust relationship that allows users in the member accounts to assume the management account IAM role.

DCreate an I AM role in each member account to allow the sts:AssumeRole action against the management account IAM role's ARN.

BCreate a trust relationship that allows users in the management account to assume the IAM roles of the member accounts.

CCreate an IAM role in each member account that has access to the AmazonEC2ReadOnlyAccess managed policy.

FCreate an IAM role in the management account that has access to the AmazonEC2ReadOnlyAccess managed policy.

ECreate an I AM role in the management account that allows the sts:AssumeRole action against the member account IAM role's ARN.

Show Suggested Answer

Suggested Answer: B, C, E

https://aws.amazon.com/premiumsupport/knowledge-center/lambda-function-assume-iam-role/ https://kreuzwerker.de/post/aws-multi-account-setups-reloaded

by Shakira at Jan 22, 2026, 03:01 PM

Limited Time Offer

25%

1 month ago

Hmm, this seems like a tricky one. I'll need to think through the access requirements carefully.

upvoted 0 times

...