Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Professional
  5. DOP-C02 Discussions
  6. DOP-C02 Exam Topic 4 Question 34 Discussion
 Amazon Web Services Discussions
Exam DOP-C02 All Questions
Exam DOP-C02 All Questions

View all questions & answers for the DOP-C02 exam

Go to Exam

Amazon Web Services AWS Certified Professional DOP-C02 Question # 34 Topic 4 Discussion

DOP-C02 Exam Topic 4 Question 34 Discussion:
Question #: 34
Topic #: 4

A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company has enabled all features for the organization. The member accounts under one OU contain S3 buckets that store sensitive data.

A DevOps engineer wants to ensure that only IAM principals from within the organization can access the S3 buckets in the OU.

Which solution will meet this requirement?
A.

Create an SCP in the management account of the organization to restrict Amazon S3 actions by using the aws:PrincipalAccount condition. Apply the SCP to the OU.

B.

Create an IAM permissions boundary in the management account of the organization to restrict access to Amazon S3 actions by using the aws:PrincipalOrgID condition.

C.

Configure AWS Resource Access Manager (AWS RAM) to restrict access to S3 buckets in the OU so the S3 buckets cannot be shared outside the organization.

D.

Create a resource control policy (RCP) in the management account of the organization to restrict Amazon S3 actions by using the aws:PrincipalOrgID condition. Apply the RCP to the OU.

Get Premium DOP-C02 Questions
Actual exam question for Amazon Web Services DOP-C02 exam by Eris1908 at May 2, 2026, 7:37:28 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit