DumpsBox
Home/amazon aws/Free AWS DOP-C02 Actual Exam Questions/Question 10
← Back to Exam

Free AWS DOP-C02 Actual Exam Questions - Question 10 Discussion

Question No. 10
A company is using AWS CodePipeline to deploy an application. According to a new guideline, a
member of the company's security team must sign off on any application changes before the changes
are deployed into production. The approval must be recorded and retained.
Which combination of actions will meet these requirements? (Select TWO.)
Select all that apply, then reveal solution.
US
RT
Ryan T.
2026-02-16

It’s definitely E for the manual approval since it’s made exactly for that kind of sign-off process. For the second pick, I’d go with A because CloudWatch Logs give you detailed, timestamped records of all pipeline actions, which fits the requirement to record and retain the approval. CloudTrail (C) is more about API calls and might not capture the manual approval details as clearly as CloudWatch does. B sounds useful but it’s not as explicit about capturing approvals as logs are. So E and A seem like a solid combo here.

0
SY
Shah Y.
2026-02-08

E imo for the manual approval part since it's designed for explicit sign-offs. For retention, B works well because storing pipeline stage data in S3 keeps a clear record of changes over time.

0
SY
Shah Y.
2026-02-03

Maybe E for the manual approval since it’s built for sign-offs. For retention, B could work to save pipeline info stage-by-stage in S3, making logs easy to access and keep.

0
SY
Shah Y.
2026-01-29

E for manual approval plus B to store logs directly in S3 for retention.

0
SY
Shah Y.
2026-01-25

E imo because manual approval is the standard way to get explicit sign-off inside CodePipeline. For retention, C also makes sense since CloudTrail logs API calls including approvals, which provides an audit trail outside the pipeline itself. B sounds useful but it’s more about logging pipeline progress, not specific approvals, and A doesn’t capture approvals either. D could work but seems more complicated than needed when manual approval actions exist natively.

0
RG
Rizwan G.
2026-01-25

Option E seems like a straightforward way to get the security team involved directly in the pipeline with manual approval. For recording and retaining the approval, option C makes sense since CloudTrail logs all API calls, including manual approvals, and delivers them to S3 for long-term storage. That way, you have an independent audit trail outside of CodePipeline. Options A and B don’t specifically track approvals, and D might be overcomplicating things when manual approval is built-in.

0
RP
Ravi P.
2026-01-17

Not A, because CloudWatch Logs isn’t specifically for approvals. E looks right for manual security sign-off.

0