Amazon Exam SCS-C01 Topic 5 Question 33 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 33
Topic #: 5

A company wants to establish separate AWS Key Management Service (AWS KMS) keys to use for different AWS services. The company's security engineer created the following key policy lo allow the infrastructure deployment team to create encrypted Amazon Elastic Block Store (Amazon EBS) volumes by assuming the InfrastructureDeployment 1AM role:

The security engineer recently discovered that 1AM roles other than the InfrastructureDeployment role used this key (or other services. Which change to the policy should the security engineer make to resolve these issues?

AIn the statement block that contains the Sid 'Allow use of the key', under the 'Condition' block, change StringEquals to StringLike.

BIn the policy document, remove the statement Dlock that contains the Sid 'Enable 1AM User Permissions'. Add key management policies to the KMS policy.

CIn the statement block that contains the Sid 'Allow use of the Key', under the 'Condition' block, change the Kms:ViaService value to ec2.us-east-1 .amazonaws com.

DIn the policy document, add a new statement block that grants the kms:Disable' permission to the security engineer's IAM role.

Show Suggested Answer

Suggested Answer: C

by Mitzie at Oct 28, 2022, 12:56 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!