AmazonAmazon
SCS-C03 · Question #33
SCS-C03 Question #33: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #33. The question stem and answer options stay visible for context.
Submitted by lars.no· Mar 6, 2026
Question
A company's application team needs a new AWS Key Management Service (AWS KMS) customer managed key to use with Amazon S3. The company's security policy requires separate keys for different AWS services to limit security exposure. How can a security engineer limit the KMS customer managed key to work with only Amazon S3?
Options
- AConfigure the key policy to allow only Amazon S3 to perform the kms:Encrypt action.
- BConfigure the key policy to allow KMS actions only when the value for the kms:ViaService
- CConfigure the application's IAM role policy to allow Amazon S3 to perform the iam:PassRole
- DConfigure the application's IAM role policy to allow only S3 operations when the operations are
Unlock SCS-C03 to see the answer
You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.