Multiple Choice
A Security Engineer is looking for a way to control access to data that is being encrypted under a CMK. The Engineer is also looking to use additional authenticated data (AAD) to prevent tampering with ciphertext. Which action would provide the required functionality?
A) Pass the key alias to AWS KMS when calling Encrypt and Decrypt API actions. Pass the key alias to AWS KMS when calling Encrypt and Decrypt API actions.
B) Use IAM policies to restrict access to Encrypt and Decrypt API actions. Use IAM policies to restrict access to
C) Use kms:EncryptionContext as a condition when defining IAM policies for the CMK. Use kms:EncryptionContext as a condition when defining IAM policies for the CMK.
D) Use key policies to restrict access to the appropriate IAM groups.
Correct Answer:
Verified
Correct Answer:
Verified
Q114: Which of the following are valid event
Q115: An organizational must establish the ability to
Q116: Which of the following minimizes the potential
Q117: A user is implementing a third-party web
Q118: A security engineer is defining the controls
Q120: A company's AWS CloudTrail logs are all
Q121: A company has an IAM group. All
Q122: A Security Engineer signed in to the
Q123: A security engineer is designing an incident
Q124: An organization is moving non-business-critical applications to