A company has a security team that manages its AWS Key Management Service (AWS KMS) CMKs. Members of the security team must be the only ones to administer the CMKs. The company’s application team has a software process that needs temporary access to the CMKS occasionally. The security team must provide the application team’s software process access to the CMKs. Which solution meets these requirements with the LEAST overhead?

Topic #: - All AWS Certified Security - Specialty Questions

A. Export the CMK key material to an on-premises hardware security module (HSM). Give the application team access to the key material.
B. Edit the key policy that grants the security team access to the CMKs by adding the application team as principals. Revert this change when the application team no longer needs access.
C. Create a key grant to allow the application team to use the CMKs. Revoke the grant when the application team no longer needs access. Most Voted
D. Create a new CMK by generating key material on premises. Import the key material to AWS KMS whenever the application team needs access. Grant the application team permissions to use the CMK.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion