Learn how replacing the FullAWSAccess policy in an AWS Organizations Environments OU with a policy that allows all actions on Amazon EC2 resources will impact users in the Development OU. Understand the implications and best practices for managing AWS access with AWS Organizations.
Question
A company uses AWS Organizations to manage its AWS accounts. The organization root has an OU that is named Environments. The Environments OU has two child OUs that are named Development and Production, respectively.
The Environments OU and the child OUs have the default FullAWSAccess policy in place. A DevOps engineer plans to remove the FullAWSAccess policy from the Development OU and replace the policy with a policy that allows all actions on Amazon EC2 resources.
What will be the outcome of this policy replacement?
A. All users in the Development OU will be allowed all API actions on all resources.
B. All users in the Development OU will be allowed all API actions on EC2 resources. All other API actions will be denied.
C. All users in the Development OU will be denied all API actions on all resources.
D. All users in the Development OU will be denied all API actions on EC2 resources. All other API actions will be allowed.
Answer
B. All users in the Development OU will be allowed all API actions on EC2 resources. All other API actions will be denied.
Explanation
When the FullAWSAccess policy is removed from the Development OU and replaced with a policy that allows all actions on Amazon EC2 resources, the new policy defines what users in the Development OU are permitted to do. Service control policies act as a filter at each level of the organization: an action is available in an account only if it is allowed at the root, at every OU above the account, and on the account itself. The Environments OU still has FullAWSAccess, but the Development OU now allows only EC2 actions, so users in the Development OU will be able to perform all API actions on EC2 resources. Because the new policy does not allow any other API actions, those actions will be denied for users in the Development OU.
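The evaluation described in the explanation, as an added example that is not part of the original page and is not AWS code: a small Python model of the question's OU hierarchy that checks an action against the SCPs at every level. The `PARENT` and `ATTACHED` tables and the function names are constructed for illustration, and the model is simplified to the `Effect` and `Action` elements (no `Resource`, `Condition` or `NotAction` handling).

```python
from fnmatch import fnmatchcase

# Constructed model of the hierarchy in the question: child -> parent.
PARENT = {"Environments": "Root", "Development": "Environments",
          "Production": "Environments"}

FULL_AWS_ACCESS = [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
EC2_ONLY = [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]

# SCP statements attached at each level after the engineer's change.
ATTACHED = {
    "Root": FULL_AWS_ACCESS,
    "Environments": FULL_AWS_ACCESS,
    "Development": EC2_ONLY,        # FullAWSAccess removed, EC2-only attached
    "Production": FULL_AWS_ACCESS,
}

def _matches(stmt, action):
    """Match an action name against the statement's Action pattern(s)."""
    patterns = stmt["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    # Action names are case-insensitive; '*' is the wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def path_to_root(ou):
    """Return the OU followed by each of its ancestors up to the root."""
    path = [ou]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path

def scp_allows(ou, action, attached=ATTACHED):
    """True if the SCPs permit `action` for accounts in `ou`.

    This is only the permission ceiling set by the organization;
    IAM policies inside the account must still grant the action.
    """
    levels = [attached.get(level, []) for level in path_to_root(ou)]
    # An explicit Deny at any level overrides every Allow.
    if any(s["Effect"] == "Deny" and _matches(s, action)
           for stmts in levels for s in stmts):
        return False
    # Otherwise the action needs an Allow at every level of the path;
    # a level with no matching Allow is an implicit deny.
    return all(any(s["Effect"] == "Allow" and _matches(s, action) for s in stmts)
               for stmts in levels)
```

Before rolling out a change like this, running the same check over the list of actions the Development accounts actually use (for example from CloudTrail) shows which calls would start failing.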
This practice question and explanation are from a question set for the Amazon AWS Certified DevOps Engineer – Professional DOP-C02 certification exam.