A systems engineer must design and troubleshoot AWS services for a new project. The project deploys applications onto two Amazon EC2 instances that are named EC2A and EC2B. Both instances need to encrypt dozens of files by using an AWS Key Management Service (AWS KMS) customer managed key.
The key has the following key policy:
EC2RoleA is the role that EC2A uses. This role does not have any IAM policy that is related to AWS KMS. EC2RoleB is the role that EC2B uses. This role has the following IAM policy:
Both IAM roles are within the same AWS account that contains the customer managed key.
What will happen when EC2Aand EC2B attempt to use the customer managed key?
A. Both EC2A and EC2B can use the customer managed key properly for encryption.
B. Neither EC2A nor EC2B will be able to use the customer managed key for encryption.
C. EC2A cannot use the customer managed key for encryption. EC2B can use the customer managed key for encryption.
D. EC2A can use the customer managed key for encryption. EC2B cannot use the customer managed key for encryption.
Â
Suggested Answer: D
Community Answer: B
This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.
