Option B is correct because the Deny statement only denies ec2 actions on instances when the requested region is NOT us-east-1. Since DescribeInstances is allowed by the first statement and the Deny does not apply to DescribeInstances (action is ec2:*, but the condition only denies if region is not us-east-1, and if the request is for us-east-1, the condition is false, so the Deny does not apply. However, note that the Deny statement denies all ec2 actions (including DescribeInstances) on instances when the condition is met.
But if the request is for us-east-1, the condition is false, so no Deny, so DescribeInstances in us-east-1 is allowed. Option A is wrong because StopInstances is an ec2 action on an instance, and if the region is us-east-1, the condition is false, so the Deny does not apply, but the Allow statement only allows DescribeInstances, not StopInstances. Since there is no explicit Allow for StopInstances, it is implicitly denied.
Option C is wrong because if the region is us-west-2, the condition is true, so the Deny applies to all ec2 actions on instances, including DescribeInstances, so it is denied. Option D is wrong because although the Deny would apply to StartInstances if region is not us-east-1, but if region is us-east-1, the Deny does not apply, but there is no Allow for StartInstances, so it is implicitly denied.