Amazon Exam SCS-C02 Topic 2 Question 16 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 16
Topic #: 2

A company stores sensitive documents in Amazon S3 by using server-side encryption with an AWS Key Management Service (AWS KMS) CMK. A new requirement mandates that the CMK that is used for these documents can be used only for S3 actions.

Which statement should the company add to the key policy to meet this requirement?

A)

B)

Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.
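
For reference on the question's requirement: confining a KMS key to requests that arrive through Amazon S3 is normally expressed with the `kms:ViaService` condition key in the key policy. The statement below is an added example, not one of the question's answer options and not taken from this page; the `Sid` and the `us-east-1` Region are assumptions.

```json
{
  "Sid": "ExampleDenyCryptoUseUnlessViaS3",
  "Effect": "Deny",
  "Principal": "*",
  "Action": [
    "kms:Encrypt",
    "kms:Decrypt",
    "kms:ReEncrypt*",
    "kms:GenerateDataKey*"
  ],
  "Resource": "*",
  "Condition": {
    "StringNotEquals": {
      "kms:ViaService": "s3.us-east-1.amazonaws.com"
    }
  }
}
```

The Deny covers only cryptographic operations, so key administrators can still manage the key; the policy still needs its usual Allow statements for the principals that read and write the S3 objects.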


Contribute your Thoughts:

Derick
1 month ago
Option B? More like Option 'Bingo!' Am I right, folks? *crickets* Tough crowd.
upvoted 0 times
...
Casey
1 month ago
Option B all the way! Though I have to say, the exam writers really love tripping us up with these seemingly straightforward questions. Can't let my guard down for a second!
upvoted 0 times
Theola
11 days ago
You make a good point. I'll have to reconsider my choice and double-check the requirements.
upvoted 0 times
...
Nickolas
12 days ago
Really? I'm leaning towards Option B because it specifically mentions S3 actions.
upvoted 0 times
...
Kristin
1 month ago
I agree, these questions can be tricky. But I think Option A is the correct one in this case.
upvoted 0 times
...
...
Sarina
2 months ago
Hold up, are we sure the key policy is the right place to add this restriction? Shouldn't we be looking at the IAM policy instead? Hmm, maybe I need to brush up on my AWS security knowledge.
upvoted 0 times
Otis
17 days ago
User 3: Maybe we should also review the IAM policy to ensure complete security.
upvoted 0 times
...
Dino
22 days ago
User 2: Yeah, that sounds right. Option A seems to address that requirement.
upvoted 0 times
...
Lawrence
23 days ago
User 1: I think we should add a condition to the key policy to restrict S3 actions only.
upvoted 0 times
...
...
Ashlee
2 months ago
Option A looks like it's trying to restrict the CMK to only a specific IAM user, which doesn't align with the requirement. Option B seems more on point.
upvoted 0 times
Jordan
1 day ago
Yes, Option B clearly specifies that the CMK can only be used for S3 actions.
upvoted 0 times
...
James
3 days ago
We should definitely go with Option B to meet the new requirement.
upvoted 0 times
...
Jackie
5 days ago
I agree, Option B seems more on point.
upvoted 0 times
...
Gary
23 days ago
Option A looks like it's trying to restrict the CMK to only a specific IAM user, which doesn't align with the requirement.
upvoted 0 times
...
...
Lawanda
2 months ago
I think Option B is the correct answer. Limiting the CMK to only S3 actions seems like the logical choice to meet the new requirement.
upvoted 0 times
...
Pearly
2 months ago
I disagree, I believe statement B is more specific and clearly defines the restriction to S3 actions.
upvoted 0 times
...
Sue
2 months ago
I agree with Lavonna, statement A seems to restrict the CMK usage to only S3 actions.
upvoted 0 times
...
Lavonna
3 months ago
I think the company should add statement A to the key policy.
upvoted 0 times
...
