ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 260 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 260
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A security engineer is working with a development team to design a supply chain application that stores sensitive inventory data in an Amazon S3 bucket. The application will use an AWS Key Management Service (AWS KMS) customer managed key to encrypt the data in Amazon S3.

The inventory data in Amazon S3 will be shared with hundreds of vendors. All vendors will use AWS principals from their own AWS accounts to access the data in Amazon S3. The vendor list might change weekly. The security engineer needs to find a solution that supports cross-account access.

Which solution is the MOST operationally efficient way to manage access control for the customer managed key?

  • A. Use KMS grants to manage key access. Programmatically create and revoke grants to manage vendor access.
  • B. Use am IAM role to manage key access. Programmatically update the IAM role policies to manage vendor access.
  • C. Use KMS key policies to manage key access. Programmatically update the KMS key policies to manage vendor access.
  • D. Use delegated access across AWS accounts by using IAM roles to manage key access. Programmatically update the IAM trust policy to manage cross-account vendor access.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by IPLogic at Dec. 5, 2024, 10:52 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
m_ch333
3 months, 3 weeks ago
Selected Answer: A
A. Grants are often used for temporary permissions because you can create one, use its permissions, and delete it without changing your key policies or IAM policies https://docs.aws.amazon.com/kms/latest/developerguide/grants.html
upvoted 1 times
...
IPLogic
4 months, 3 weeks ago
Selected Answer: A
Create KMS Key: Create a customer managed key in your AWS account. Create KMS Grants: For each vendor, create a KMS grant that allows them to encrypt and decrypt data using the key. You can specify the principal (the vendor's AWS account) and the permitted operations. Revoke Grants: When a vendor is no longer authorized, revoke their grant. By using KMS grants, you can efficiently manage access to your sensitive data, ensuring that only authorized vendors can access it. This approach eliminates the need for complex IAM role management and provides a more streamlined and secure solution.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago