
Amazon DOP-C02 Exam - Topic 9 Question 21 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 21
Topic #: 9

A company is reviewing its IAM policies. One policy written by the DevOps engineer has been flagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduction over the weekend. The current policy is:

What changes should the engineer make to achieve a policy of least permission? (Select THREE.)

A.

B.

C.

D.

E.

F.

Suggested Answer: A, B, D

The engineer should make the following changes to achieve a policy of least permission:

A: Add a condition to ensure that the principal making the request is an AWS Lambda function. This ensures that only Lambda functions can execute this policy.

B: Narrow down the resources by specifying the ARN of EC2 instances instead of allowing all resources. This ensures that the policy only affects EC2 instances.

D: Add a condition to ensure that this policy only applies to EC2 instances tagged with "Environment: NonProduction". This ensures that production environments are not affected by this policy.


AWS Identity and Access Management (IAM) - AWS Documentation

Certified DevOps Engineer - Professional (DOP-C02) Study Guide (page 179)
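
The resource narrowing and tag condition described in points B and D above can be checked mechanically. The following Python check is an added example, not part of the original question (whose policy and answer options are not shown on this page). Both sample policies are constructed, the names `findings`, `PERMISSIVE` and `TIGHTENED` are hypothetical, and the principal condition from point A is not modelled because the page does not show which condition key it uses.

```python
import json

# Constructed sample policies (assumption): the page's own policy is not shown.
PERMISSIVE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]
}""")

TIGHTENED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "ec2:StopInstances",
    "Resource": "arn:aws:ec2:*:*:instance/*",
    "Condition": {"StringEquals": {"ec2:ResourceTag/Environment": "NonProduction"}}
  }]
}""")

# Condition key names are case-insensitive in IAM, so compare in lower case.
TAG_KEYS = {"ec2:resourcetag/environment", "aws:resourcetag/environment"}

def as_list(value):
    """IAM accepts either a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]

def findings(policy, tag_value="NonProduction"):
    """Return (statement index, finding, detail) for each Allow statement."""
    out = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                out.append((i, "wildcard-action", action))
        for res in as_list(stmt.get("Resource", [])):
            if not (res.startswith("arn:aws:ec2:") and ":instance/" in res):
                out.append((i, "resource-not-ec2-instance", res))
        # Only an exact StringEquals counts: StringEqualsIfExists would also
        # match instances that carry no Environment tag at all.
        exact = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(k.lower() in TAG_KEYS and as_list(v) == [tag_value]
                   for k, v in exact.items()):
            out.append((i, "missing-environment-tag-condition", tag_value))
    return out

if __name__ == "__main__":
    for name, pol in (("permissive", PERMISSIVE), ("tightened", TIGHTENED)):
        print(name, findings(pol))
```

The tightened policy produces no findings, while the permissive one is reported for its wildcard action, its `*` resource and its missing tag condition.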

Contribute your Thoughts:

Ernie
3 months ago
Just tag it properly, and it should be fine!
upvoted 0 times
...
Ailene
3 months ago
I disagree, we need more access for maintenance tasks.
upvoted 0 times
...
Rasheeda
3 months ago
Wait, why are we stopping EC2 instances over the weekend?
upvoted 0 times
...
Jannette
4 months ago
I think Option B is the best choice!
upvoted 0 times
...
Lettie
4 months ago
The policy is definitely too permissive.
upvoted 0 times
...
Tennie
4 months ago
I think we should also consider the time frame for the Lambda function's execution. Limiting it to weekends might be important, but I can't recall the exact syntax for that.
upvoted 0 times
...
Thora
4 months ago
I feel like we need to focus on the tags for the EC2 instances. Maybe we should ensure the policy only applies to instances with the correct tag?
upvoted 0 times
...
Merilyn
4 months ago
This question reminds me of a practice scenario where we had to limit permissions for Lambda functions. I think we should definitely remove any wildcard actions.
upvoted 0 times
...
Matilda
5 months ago
I remember we discussed the principle of least privilege in class, but I'm not sure which specific actions to restrict here.
upvoted 0 times
...
Detra
5 months ago
I'm feeling pretty confident about this one. The policy is already quite restrictive, so I just need to identify the changes that further tighten the permissions.
upvoted 0 times
...
Lucy
5 months ago
This seems straightforward enough. I'll select the options that limit the permissions to only what's required for the specific use case.
upvoted 0 times
...
Corrie
5 months ago
Okay, I think I've got a handle on this. The key is to restrict the actions and resources as much as possible while still allowing the necessary functionality.
upvoted 0 times
...
Leatha
5 months ago
Hmm, I'm a bit confused by the different options. I'll need to review the policy details and the AWS documentation to make sure I understand the implications of each change.
upvoted 0 times
...
Remona
5 months ago
This looks like a tricky IAM policy question. I'll need to carefully analyze the current policy and the options to determine the least permissive changes.
upvoted 0 times
...
Salley
5 months ago
Deferred tax assets and liabilities - that's a tricky one. I'll have to make sure I understand the rules around those.
upvoted 0 times
...
Janey
5 months ago
I'm a bit confused by the wording of the question. Can someone clarify what exactly a "preview outbound dialer" is?
upvoted 0 times
...
Lynsey
5 months ago
Okay, let me see here. The question is asking about the window that allows you to edit data, so I'm thinking it's probably either the Interface Lines window or the Interface Corrections window. I'll go with Interface Corrections window as my best guess.
upvoted 0 times
...
Viva
2 years ago
Exactly, we need to limit the actions the Lambda function can perform.
upvoted 0 times
...
Roslyn
2 years ago
Yes, that would restrict access and make it more secure.
upvoted 0 times
...
Major
2 years ago
I think adding conditions to the policy would definitely help.
upvoted 0 times
...
Viva
2 years ago
I believe options A, C, and D could help achieve a least privilege policy.
upvoted 0 times
...
Roslyn
2 years ago
I agree, we need to make it more secure.
upvoted 0 times
...
Major
2 years ago
I think the current policy is too permissive.
upvoted 0 times
...
Antonio
2 years ago
Yes, limiting the action to only what is necessary is a best practice in security policies.
upvoted 0 times
...
Shoshana
2 years ago
I also believe changing the Action from 'ec2:StopInstances' to 'ec2:StopInstances' would be a good move.
upvoted 0 times
...
Denae
2 years ago
I agree, that would definitely reduce the permissions and make it more secure.
upvoted 0 times
...
Antonio
2 years ago
I think the engineer should remove the unnecessary resource star in the resource section.
upvoted 0 times
...
Pamella
2 years ago
Haha, imagine if the policy was even more permissive - like 'Stop all instances, even the production ones!' That would be a real disaster waiting to happen. But yeah, B, D, and F sound like a good way to go here.
upvoted 0 times
...
Amie
2 years ago
Alright, let's do this! I'm feeling good about A, C, and E. Gotta keep those permissions locked down tight, you know?
upvoted 0 times
...
Arthur
2 years ago
Yeah, this is a tricky one. We need to find the right balance between security and functionality. I'm leaning towards B, D, and E - that should give us the least permissive policy while still allowing the necessary actions.
upvoted 0 times
...
Willard
2 years ago
I agree, this policy is way too open. Restricting the actions to only the necessary ones makes a lot of sense. I'd also add option C to the mix - we don't want to accidentally stop any production instances.
upvoted 0 times
...
Carey
2 years ago
Haha, yeah these IAM policy questions can be like a puzzle. I'm going with A, B, and D - seems like the most restrictive approach.
upvoted 0 times
Frankie
2 years ago
F: So, A, C, and D could be the best combination then.
upvoted 0 times
...
Dustin
2 years ago
E: I agree, C might provide additional security measures.
upvoted 0 times
...
Owen
2 years ago
D: Maybe C could be useful too, along with A and D.
upvoted 0 times
...
Cassi
2 years ago
C: Yeah, A and D seem necessary for tightening the policy.
upvoted 0 times
...
Shaunna
2 years ago
B: I'm not sure about B, but A and D are definitely important.
upvoted 0 times
...
Helaine
2 years ago
A: I think A, B, and D is a good choice.
upvoted 0 times
...
...
Lyla
2 years ago
Ooh, this is a good one. I'm leaning towards A, B, and F. Gotta love these IAM policy questions, they really make you think!
upvoted 0 times
...
Ronald
2 years ago
Hmm, this policy seems pretty permissive. We definitely need to tighten it up to achieve least privilege. I'm thinking we should go with options B, D, and F.
upvoted 0 times
...
Zena
2 years ago
Hmm, let me take a closer look at the options. I think A, B, and E are the best choices here to achieve least permission.
upvoted 0 times
Grover
2 years ago
I agree, those options seem to be the best for achieving least permission.
upvoted 0 times
...
Aretha
2 years ago
I think we should choose options A, B, and E.
upvoted 0 times
...
...
Lashaunda
2 years ago
I agree, the current policy is way too permissive. We need to really lock it down and only allow the bare minimum required permissions.
upvoted 0 times
...
Luz
2 years ago
This is a tricky question, but I think the key is to minimize the permissions as much as possible. The current policy seems quite broad, so we'll need to tighten it up.
upvoted 0 times
...