A company has flaws accounts that are members of the same organization in flaws Organizations. According to the company's security policy, IAM customer managed policies must be scoped to specific actions and must not include wildcard actions on wildcard resources.
If an IAM customer managed policy is created or modified in any of the company's flaws accounts to grant wildcard actions on resources that also specify wildcards, the policy must be detached from any IAM user, role, or group that the policy is attached to Individual flaws account administrators must not be able to prevent the removal of the policies.
Which combination of steps will meet these requirements? (Choose two.)

A. Configure automatic remediation to run the AWSConfigRemediation-DetachIAMPolicy flaws Systems Manager Automation runbook.

B. Configure automatic remediation to invoke a custom flaws Lambda function to detach the IAM policy from the affected resources.

C. Configure automatic remediation to use flaws Systems Manager Run Command to detach the IAM policy from the affected resources.

D. Turn on flaws Config by using an flaws CloudFormation stack set that is created in a central account. Configure automatic deployment for the stack set, and specify the organization as the target. Configure the iam-policy-no-statements-with-full-access flaws Config managed rule in the central account.

E. Turn on flaws Config for the organization. Create a new flaws account. Configure the account as a delegated administrator account for flaws Config. Configure the iam-policy-no-statements-with-full-access flaws Config managed rule in the delegated administrator account.






 

Correct Answer: AB

This question is in DOP-C01 exam
For getting AWS DevOps Engineer - Professional Certificate