A Copilot coding agent opens a draft pull request that changes a payment-retention policy and adds a script that can purge archived transactions. The workflow validates the script and posts a plan summary to the PR. A maintainer wants the agent to apply the purge automatically once the validation check passes. The compliance team requires explicit approval before any purge job can access production secrets. Which configuration best satisfies the requirement? Select one answer.
Choose an answer
Tap an option to check your answer.
Correct answer: Put the purge job behind a protected environment.
Why this is the answer
A protected environment is the best solution because it allows for manual approval before sensitive actions, like purging production data, are executed. This directly addresses the compliance team's requirement for explicit approval before accessing production secrets. Running the purge in the same job after validation bypasses the necessary explicit approval, creating a security risk. Allowing Copilot to approve the pull request also circumvents human oversight and the compliance requirement. Triggering the purge with a scheduled workflow doesn't provide the immediate, explicit approval needed for each specific purge operation, and could still run without the required human gate.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed