SCS-C02 · Question #259
SCS-C02 Question #259: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #259. The question stem and answer options stay visible for context.
Question
A security engineer is setting up an AWS CloudTrail trail for all regions in an AWS account. For added security, the logs are stored using server-side encryption with AWS KMS-managed keys (SSE-KMS) and have log integrity validation enabled. While testing the solution, the security engineer discovers that the digest files are readable, but the log files are not. What is the MOST likely cause?
Options
- AThe log flies fail integrity validation and automatically are marked as unavailable.
- BThe KMS key policy does not grant the security engineer's IAM user or rote permissions to
- CThe bucket is set up to use server-side encryption with Amazon S3-managed keys (SSE-S3) as
- DAn IAM policy applicable to the security engineer's IAM user or role denies access to the
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.