A systems engineer must design and troubleshoot AWS services for a new project. The project deploys applications onto two Amazon EC2 instances that are named EC2A and EC2B. Both instances need to encrypt dozens of files by using an AWS Key Management Service (AWS KMS) customer managed key. The key has the following key policy: EC2RoleA is the role that EC2A uses. This role does not have any IAM policy that is related to AWS KMS. EC2RoleB is the role that EC2B uses. This role has the following IAM policy: Both IAM roles are within the same AWS account that contains the customer managed key. What will happen when EC2Aand EC2B attempt to use the customer managed key?

Topic #: - All AWS Certified Security - Specialty Questions

A. Both EC2A and EC2B can use the customer managed key properly for encryption.
B. Neither EC2A nor EC2B will be able to use the customer managed key for encryption.
C. EC2A cannot use the customer managed key for encryption. EC2B can use the customer managed key for encryption.
D. EC2A can use the customer managed key for encryption. EC2B cannot use the customer managed key for encryption.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion