SCS-C03 · Question #84
SCS-C03 Question #84: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C03 to reveal the answer and full explanation for question #84. The question stem and answer options stay visible for context.
Question
A security engineer is working with a development team to design a supply chain application that stores sensitive inventory data in an Amazon S3 bucket. The application will use an AWS Key Management Service (AWS KMS) customer managed key to encrypt the data in Amazon S3. The inventory data in Amazon S3 will be shared with hundreds of vendors. All vendors will use AWS principals from their own AWS accounts to access the data in Amazon S3. The vendor list might change weekly. The security engineer needs to find a solution that supports cross-account access. Which solution is the MOST operationally efficient way to manage access control for the customer managed key?
Options
- AUse KMS grants to manage key access. Programmatically create and revoke grants to manage
- BUse am IAM role to manage key access. Programmatically update the IAM role policies to
- CUse KMS key policies to manage key access. Programmatically update the KMS key policies to
- DUse delegated access across AWS accounts by using IAM roles to manage key access.
Unlock SCS-C03 to see the answer
You've previewed enough free SCS-C03 questions. Unlock SCS-C03 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.