SOA-C02 · Question #631
SOA-C02 Question #631: Real Exam Question with Answer & Explanation
Sign in or unlock SOA-C02 to reveal the answer and full explanation for question #631. The question stem and answer options stay visible for context.
Question
A company has an Amazon S3 bucket that is encrypted by an AWS Key Management Service (AWS KMS) customer managed key. The KMS key has an alias of DataKey. A SysOps administrator is creating the following key policy to grant permissions to data engineers to read data from the S3 bucket: The SysOps administrator must complete the Action element of the key policy to provide least privilege read access to objects in the S3 bucket. Which set of actions should the SysOps administrator add to the key policy to meet these requirements?
Options
- A"kms:ReEncrypt*",
- B"kms:ListAliases",
- C"kms:ListAliases",
- D"kms:Update*",
Unlock SOA-C02 to see the answer
You've previewed enough free SOA-C02 questions. Unlock SOA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.