DOP-C02 · Question #136
DOP-C02 Question #136: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #136. The question stem and answer options stay visible for context.
Question
A company is building a new pipeline by using AWS CodePipeline and AWS CodeBuild in a build account. The pipeline consists of two stages. The first stage is a CodeBuild job to build and package an AWS Lambda function. The second stage consists of deployment actions that operate on two different AWS accounts: a development environment account and a production environment account. The deployment stages use the AWS CloudFormation action that CodePipeline invokes to deploy the infrastructure that the Lambda function requires. A DevOps engineer creates the CodePipeline pipeline and configures the pipeline to encrypt build artifacts by using the AWS Key Management Service (AWS KMS) AWS managed key for Amazon S3 (the aws/s3 key). The artifacts are stored in an S3 bucket. When the pipeline runs, the CloudFormation actions fail with an access denied error. Which combination of actions must the DevOps engineer perform to resolve this error? (Choose two.)
Options
- ACreate an S3 bucket in each AWS account for the artifacts. Allow the pipeline to write to the S3
- BCreate a customer managed KMS key. Configure the KMS key policy to allow the IAM roles used by
- CCreate an AWS managed KMS key. Configure the KMS key policy to allow the development account
- DIn the development account and in the production account, create an IAM role for CodePipeline.
- EIn the development account and in the production account, create an IAM role for CodePipeline.
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.