Topic #: - All AWS Certified Security - Specialty Questions

A. In the target AWS account, update the KMS key policy on the AWS managed key to explicitly allow the kms:Decrypt and kms:CreateGrant actions to the automation’s IAM role.
B. In the target AWS account, create a customer managed KMS key. Update the automation’s IAM role to allow the kms:Encrypt, kms:Decrypt, kms:GenerateDataKey*, and kms:CreateGrant actions. Most Voted
C. In the security team’s AWS account, update the automation’s IAM role to allow the kms:Encrypt, kms:Decrypt, kms:GenerateDataKey*, and kms:CreateGrant actions for the AWS managed key.
D. In the security team’s AWS account, update the automation’s IAM role to allow the kms:Encrypt, kms:Decrypt, kms:GenerateDataKey*, and kms:CreateGrant actions for the customer managed KMS key. Most Voted
E. In the security team’s AWS account, update the automation code to take EBS snapshots and to use the AWS managed key.
F. In the security team’s AWS account, update the automation code to take EBS snapshots and to use the customer managed KMS key. Most Voted

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.