AmazonAmazon
SCS-C03 · Question #73
SCS-C03 Question #73: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #73. The question stem and answer options stay visible for context.
Submitted by jian89· Mar 6, 2026
Question
A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS) customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the company wants to prevent Amazon EC2 from using the key. Which solution will meet these requirements?
Options
- AUse IAM explicit deny for EC2 instance profiles and allow for Lambda roles.
- BUse a KMS key policy with kms:ViaService conditions to allow Lambda usage and deny EC2
- CUse aws:SourceIp and aws:AuthorizedService condition keys in the KMS key policy.
- DUse an SCP to deny EC2 and allow Lambda.
Unlock SCS-C03 to see the answer
You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.