A company is reviewing its IAM policies. One policy written by the DevOps engineer has been flagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduction over the weekend. The current policy is: What changes should the engineer make to achieve a policy of least permission? (Choose three.)

Questions › Category: DOP-C02 › A company is reviewing its IAM policies. One policy written by the DevOps engineer has been flagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduction over the weekend. The current policy is: What changes should the engineer make to achieve a policy of least permission? (Choose three.)

0 Vote Up Vote Down

Admin Staff asked 7 months ago

A company is reviewing its IAM policies. One policy written by the DevOps engineer has been flagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduction over the weekend. The current policy is:
 
What changes should the engineer make to achieve a policy of least permission? (Choose three.)

A. Add the following conditional expression:
      

B. Change "Resource": "*"to "Resource": "arn:aws:ec2:*:*:instance/*"

C. Add the following conditional expression:
      

D. Add the following conditional expression:
      

E. Change "Action": "ec2:*"to "Action": "ec2:StopInstances"

F. Add the following conditional expression:
      




 

Suggested Answer: C

Community Answer: B




This question is in DOP-C02 AWS Certified DevOps Engineer – Professional Exam
For getting AWS Certified DevOps Engineer – Professional Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.

A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only. The security team requires automated monitoring when resources drift from their expected state. Which strategy should be used to meet these requirements?

101 Practice Test Free

101-500 Practice Test Free

102-500 Practice Test Free

Recommended

DP-100 Practice Test Free

XK0-005 Practice Test Free

XK0-004 Practice Test Free

SY0-701 Practice Test Free

SY0-601 Practice Test Free

SY0-501 Practice Test Free

Welcome Back!

Create New Account!

Retrieve your password