
Amazon Exam DOP-C02 Topic 9 Question 21 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 21
Topic #: 9

A company is reviewing its IAM policies. One policy written by the DevOps engineer has been flagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduction over the weekend. The current policy is:

What changes should the engineer make to achieve a policy of least permission? (Select THREE.)

A.

B.

C.

D.

E.

F.

Suggested Answer: A, B, D

The engineer should make the following changes to achieve a policy of least permission:

A: Add a condition to ensure that the principal making the request is an AWS Lambda function. This ensures that only Lambda functions can execute this policy.

B: Narrow down the resources by specifying the ARN of EC2 instances instead of allowing all resources. This ensures that the policy only affects EC2 instances.

D: Add a condition to ensure that this policy only applies to EC2 instances tagged with "Environment: NonProduction". This ensures that production environments are not affected by this policy.


AWS Identity and Access Management (IAM) - AWS Documentation

Certified DevOps Engineer - Professional (DOP-C02) Study Guide (page 179)
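The three changes in the explanation, as an added example that is not part of the original page (the question's own policy is not shown here). BROAD, TIGHT, TRUST and the sample ARN are constructed, the evaluator is a simplified model of IAM rather than the real engine, and placing the Lambda restriction in the execution role's trust policy is an assumption.

```python
import fnmatch

# Constructed stand-in for an over-broad policy (the page's original is not shown).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

# Tightened permissions policy: stop only, instance ARNs only, tag condition.
TIGHT = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "ec2:StopInstances",
    "Resource": "arn:aws:ec2:*:*:instance/*",
    "Condition": {"StringEquals": {"ec2:ResourceTag/Environment": "NonProduction"}}}]}

# Assumption: the Lambda restriction lives in the execution role's trust policy.
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

TAG_KEY = "ec2:ResourceTag/"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy, action, arn, tags):
    """Simplified model: Allow statements, wildcards, StringEquals on instance tags."""
    for st in policy["Statement"]:
        cond = st.get("Condition", {})
        if st["Effect"] != "Allow" or set(cond) - {"StringEquals"}:
            continue  # unsupported condition operators fail closed
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(arn, r) for r in _as_list(st["Resource"])):
            continue
        if all(k.startswith(TAG_KEY) and tags.get(k[len(TAG_KEY):]) in _as_list(v)
               for k, v in cond.get("StringEquals", {}).items()):
            return True
    return False

def trusted_services(trust):
    """Service principals that the trust policy lets assume the role."""
    return sorted(s for st in trust["Statement"] if st["Effect"] == "Allow"
                  for s in _as_list(st.get("Principal", {}).get("Service", [])))

# Constructed sample instance ARN (documentation-style account ID).
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"

if __name__ == "__main__":
    for action, env in [("ec2:StopInstances", "NonProduction"),
                        ("ec2:StopInstances", "Production"),
                        ("ec2:TerminateInstances", "NonProduction")]:
        tags = {"Environment": env}
        print(action, env, is_allowed(BROAD, action, INSTANCE, tags), is_allowed(TIGHT, action, INSTANCE, tags))
```

An untagged instance is also refused by TIGHT, because a missing tag never equals "NonProduction".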

Contribute your Thoughts:

Pamella
7 days ago
Haha, imagine if the policy was even more permissive - like 'Stop all instances, even the production ones!' That would be a real disaster waiting to happen. But yeah, B, D, and F sound like a good way to go here.
upvoted 0 times
...
Amie
7 days ago
Alright, let's do this! I'm feeling good about A, C, and E. Gotta keep those permissions locked down tight, you know?
upvoted 0 times
...
Arthur
9 days ago
Yeah, this is a tricky one. We need to find the right balance between security and functionality. I'm leaning towards B, D, and E - that should give us the least permissive policy while still allowing the necessary actions.
upvoted 0 times
...
Willard
9 days ago
I agree, this policy is way too open. Restricting the actions to only the necessary ones makes a lot of sense. I'd also add option C to the mix - we don't want to accidentally stop any production instances.
upvoted 0 times
...
Carey
10 days ago
Haha, yeah these IAM policy questions can be like a puzzle. I'm going with A, B, and D - seems like the most restrictive approach.
upvoted 0 times
...
Lyla
10 days ago
Ooh, this is a good one. I'm leaning towards A, B, and F. Gotta love these IAM policy questions, they really make you think!
upvoted 0 times
...
Ronald
10 days ago
Hmm, this policy seems pretty permissive. We definitely need to tighten it up to achieve least privilege. I'm thinking we should go with options B, D, and F.
upvoted 0 times
...
Zena
12 days ago
Hmm, let me take a closer look at the options. I think A, B, and E are the best choices here to achieve least permission.
upvoted 0 times
...
Lashaunda
13 days ago
I agree, the current policy is way too permissive. We need to really lock it down and only allow the bare minimum required permissions.
upvoted 0 times
...
Luz
15 days ago
This is a tricky question, but I think the key is to minimize the permissions as much as possible. The current policy seems quite broad, so we'll need to tighten it up.
upvoted 0 times
...
