DOP-C02 · Question #416
DOP-C02 Question #416: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #416. The question stem and answer options stay visible for context.
Question
A company manages environments for its application in multiple AWS accounts. Each environment account is in a different OU in AWS Organizations. A DevOps team is responsible for the application deployment process across the environments. The deployment process uses an AWS CodePipeline pipeline in a Shared Services account. The DevOps team members are in the same user group. The team members have administrative access to all accounts through AWS IAM Identity Center. A recent deployment problem in the development environment required the DevOps team to perform manual steps. The deployment to the production environment then resulted in an incident that caused the pipeline to fail, which blocked new deployments for several hours. A DevOps engineer needs to ensure that only the pipeline can perform deployments in the production environment. The DevOps engineer must have access to the environment in case of an emergency. Which solution will meet these requirements with the MOST operational efficiency?
Options
- AUpdate the DevOps group to have the ReadOnlyAccess permission set for the production
- BCreate an SCP that denies all write actions for the DevOps team members on the production OU.
- CUpdate the DevOps group to be able to assume the pipeline role for the production accounts.
- DCreate an SCP that denies all write actions for the DevOps team members on the production OU.
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.