Multiple Choice
The AWS Systems Manager Parameter Store is being used to store database passwords used by an AWS Lambda function. Because this is sensitive data, the parameters are stored as type SecureString and protected by an AWS KMS key that allows access through IAM. When the function executes, this parameter cannot be retrieved as the result of an access denied error. Which of the following actions will resolve the access denied error?
A) Update the ssm.amazonaws.com principal in the KMS key policy to allow kms: Decrypt.
B) Update the Lambda configuration to launch the function in a VPC.
C) Add a policy to the role that the Lambda function uses, allowing kms: Decrypt for the KMS key.
D) Add lambda.amazonaws.com as a trusted entity on the IAM role that the Lambda function uses.
Correct Answer:
Verified
Correct Answer:
Verified
Q205: Due to new compliance requirements, a Security
Q206: A company plans to use custom AMIs
Q207: A company wants to control access to
Q208: A company had one of its Amazon
Q209: A Security Engineer must design a solution
Q211: A Development team has built an experimental
Q212: An application has been written that publishes
Q213: A company is using AWS Organizations to
Q214: A company has complex connectivity rules governing
Q215: An Amazon S3 bucket is encrypted using