Amazon Exam AWS-Security-Specialty Topic 5 Question 5 Discussion

Actual exam question for Amazon's AWS-Security-Specialty exam

Question #: 5
Topic #: 5

A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using the account expects to have hundreds of master keys and therefore does not want to manage access control for customer master keys (CMKs).

Which of the following will allow the team to manage AWS KMS permissions in IAM without the complexity of editing individual key policies?

AThe account's CMK key policy must allow the account's IAM roles to perform KMS EnableKey.

BNewly created CMKs must have a key policy that allows the root principal to perform all actions.

CNewly created CMKs must allow the root principal to perform the kms CreateGrant API operation.

DNewly created CMKs must mirror the IAM policy of the KMS key administrator.

Show Suggested Answer

Suggested Answer: D

by Brett at Dec 23, 2022, 11:21 AM

Limited Time Offer

25%

Off

Get Premium AWS-Security-Specialty Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!