SCS-C02 · Question #236
SCS-C02 Question #236: Real Exam Question with Answer & Explanation
The correct answer is D: Instruct the engineering team to pass the grant token returned in the CreateGrant response to. When creating a grant in AWS KMS, the operation returns a grant token that can be used immediately to make API calls with the newly created grant. Without using the grant token, there can be a delay before the grant is fully available for use, which can result in AccessDeniedExce
Question
A company's engineering team is developing a new application that creates AWS Key Management Service (AWS KMS) customer managed key grants tor users. Immediately after a grant is created, users must be able to use the KMS key to encrypt a 512-byte payload. During load testing. AccessDeniedException errors occur occasionally when a user first attempts to use the key to encrypt. Which solution should the company's security specialist recommend to eliminate these AccessDeniedException errors?
Options
- AInstruct users to implement a retry mechanism every 2 minutes until the call succeeds.
- BInstruct the engineering team to consume a random grant token from users and to call the
- CInstruct the engineering team to create a random name for the grant when calling the
- DInstruct the engineering team to pass the grant token returned in the CreateGrant response to
Explanation
When creating a grant in AWS KMS, the operation returns a grant token that can be used immediately to make API calls with the newly created grant. Without using the grant token, there can be a delay before the grant is fully available for use, which can result in AccessDeniedException errors. By passing the grant token to users and instructing them to use it in their encrypt requests, they can use the grant immediately without waiting for full grant propagation, eliminating the error.
Community Discussion
No community discussion yet for this question.