nerdexam


SCS-C03 Question #131: Real Exam Question with Answer & Explanation


Submitted by carter_n · Mar 6, 2026

Question

A security engineer is responding to an incident that is affecting an AWS account. The ID of the account is 123456789012. The attack created workloads that are distributed across multiple AWS Regions. The security engineer contains the attack and removes all compute and storage resources from all affected Regions. However, the attacker also created an AWS KMS key. The key policy on the KMS key explicitly allows IAM principal kms:* permissions. The key was scheduled to be deleted the previous day. However, the key is still enabled and usable. The key has an ARN of arn:aws:kms:us-east-2:123456789012:key/mrk-0bb0212cd9864fdea0dcamzo26efb5670. The security engineer must delete the key as quickly as possible. Which solution will meet this requirement?

Options

  • A. Log in to the account by using the account root user credentials. Re-issue the deletion request for
  • B. Identify the other Regions where the KMS key ID is present and schedule the key for deletion in 7
  • C. Update the IAM principal to allow kms:* permissions on the KMS key ARN. Re-issue the deletion
  • D. Disable the KMS key. Re-issue the deletion request for the KMS key in 30 days.
