Multiple Choice
An application is running on Amazon EC2. It has an attached IAM role that is receiving an AccessDenied error while trying to access a SecureString parameter resource in the AWS Systems Manager Parameter Store. The SecureString parameter is encrypted with a customer-managed Customer Master Key (CMK) , What steps should the DevOps Engineer take to grant access to the role while granting least privilege? (Choose three.)
A) Set ssm:GetParamter for the parameter resource in the instance role's IAM policy. Set ssm:GetParamter for the parameter resource in the instance role's IAM policy.
B) Set kms:Decrypt for the instance role in the customer-managed CMK policy. kms:Decrypt for the instance role in the customer-managed CMK policy.
C) Set kms:Decrypt for the customer-managed CMK resource in the role's IAM policy. for the customer-managed CMK resource in the role's IAM policy.
D) Set ssm:DecryptParameter for the parameter resource in the instance role IAM policy. ssm:DecryptParameter for the parameter resource in the instance role IAM policy.
E) Set kms:GenerateDataKey for the user on the AWS managed SSM KMS key. kms:GenerateDataKey for the user on the AWS managed SSM KMS key.
F) Set kms:Decrypt for the parameter resource in the customer-managed CMK policy. for the parameter resource in the customer-managed CMK policy.
Correct Answer:
Verified
Correct Answer:
Verified
Q71: A DevOps Engineer needs to back up
Q72: You have an application which consists of
Q73: A production account has a requirement that
Q74: A company has multiple development teams sharing
Q75: A company must ensure consistent behavior of
Q77: A developer has written an application that
Q78: You are building a large, multi-tenant SaaS
Q79: A DevOps Engineer encountered the following error
Q80: A DevOps Engineer is designing a deployment
Q81: When logging with Amazon CloudTrail, API call