Multiple Choice
An Application team has requested a new AWS KMS master key for use with Amazon S3, but the organizational security policy requires separate master keys for different AWS services to limit blast radius. How can an AWS KMS customer master key (CMK) be constrained to work with only Amazon S3?
A) Configure the CMK key policy to allow only the Amazon S3 service to use the kms:Encrypt action.
B) Configure the CMK key policy to allow AWS KMS actions only when the kms:ViaService condition matches the Amazon S3 service name.
C) Configure the IAM user's policy to allow KMS to pass a role to Amazon S3.
D) Configure the IAM user's policy to allow only Amazon S3 operations when they are combined with the CMK.
Correct Answer:
Verified
Correct Answer:
Verified
Q51: A company requires that SSH commands used
Q52: A security team is implementing a centralized
Q53: A Web Administrator for the website example.com
Q54: A Security Engineer accidentally deleted the imported
Q55: A Development team has asked for help
Q57: A company deployed an Amazon EC2 instance
Q58: A company is developing an ecommerce application.
Q59: An organization operates a web application that
Q60: An application is currently secured using network
Q61: A company has deployed a custom DNS