DOP-C02 · Question #397
DOP-C02 Question #397: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #397. The question stem and answer options stay visible for context.
Question
A company has an AWS account named PipelineAccount. The account manages a pipeline in AWS CodePipeline. The account uses an IAM role named CodePipeline_Service_Role and produces an artifact that is stored in an Amazon S3 bucket. The company uses a customer managed AWS KMS key to encrypt objects in the S3 bucket. A DevOps engineer wants to configure the pipeline to use an AWS CodeDeploy application in an AWS account named CodeDeployAccount to deploy the produced artifact. The DevOps engineer updates the KMS key policy to grant the CodeDeployAccount account permission to use the key. The DevOps engineer configures an IAM role named DevOps_Role in the CodeDeployAccount account that has access to the CodeDeploy resources that the pipeline requires. The DevOps engineer updates an Amazon EC2 instance role that operates within the CodeDeployAccount account to allow access to the S3 bucket and the KMS key that is in the PipelineAccount account. Which additional steps will meet these requirements?
Options
- AUpdate the S3 bucket policy to grant the CodeDeployAccount account access to the S3 bucket.
- BUpdate the S3 bucket policy to grant the CodeDeployAccount account access to the S3 bucket.
- CUpdate the S3 bucket policy to grant the PipelineAccount account access to the S3 bucket.
- DUpdate the S3 bucket policy to grant the CodeDeployAccount account access to the S3 bucket.
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.