SCS-C03 · Question #16
SCS-C03 Question #16: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #16. The question stem and answer options stay visible for context.
Question
A company wants to establish separate AWS Key Management Service (AWS KMS) keys to use for different AWS services. The company's security engineer created a key policy to allow the infrastructure deployment team to create encrypted Amazon Elastic Block Store (Amazon EBS) volumes by assuming the InfrastructureDeployment IAM role. The security engineer recently discovered that IAM roles other than the InfrastructureDeployment role used this key for other services. Which change to the policy should the security engineer make to resolve these issues?
Options
- AIn the statement block that contains the Sid "Allow use of the key", under the "Condition" block,
- BIn the policy document, remove the statement block that contains the Sid "Enable IAM User
- CIn the statement block that contains the Sid "Allow use of the key", under the "Condition" block,
- DIn the policy document, add a new statement block that grants the kms:Disable* permission to the
Unlock SCS-C03 to see the answer
You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.