Multiple Choice
A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using the account expects to have hundreds of master keys and therefore does not want to manage access control for customer master keys (CMKs) . Which of the following will allow the team to manage AWS KMS permissions in IAM without the complexity of editing individual key policies?
A) The account's CMK key policy must allow the account's IAM roles to perform KMS EnableKey.
B) Newly created CMKs must have a key policy that allows the root principal to perform all actions.
C) Newly created CMKs must allow the root principal to perform the kms CreateGrant API operation.
D) Newly created CMKs must mirror the IAM policy of the KMS key administrator.
Correct Answer:
Verified
Correct Answer:
Verified
Q50: A company has a forensic logging use
Q51: A company requires that SSH commands used
Q52: A security team is implementing a centralized
Q53: A Web Administrator for the website example.com
Q54: A Security Engineer accidentally deleted the imported
Q56: An Application team has requested a new
Q57: A company deployed an Amazon EC2 instance
Q58: A company is developing an ecommerce application.
Q59: An organization operates a web application that
Q60: An application is currently secured using network