New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 2 Question 16 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 16
Topic #: 2
[All SCS-C02 Questions]

A company stores sensitive documents in Amazon S3 by using server-side encryption with an IAM Key Management Service (IAM KMS) CMK. A new requirement mandates that the CMK that is used for these documents can be used only for S3 actions.

Which statement should the company add to the key policy to meet this requirement?

A)

B)

Show Suggested Answer Hide Answer
Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.


by Lindsay at Apr 24, 2024, 12:33 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Eloisa
3 months ago
Not sure if this is the best approach, though.
upvoted 0 times
...
Niesha
3 months ago
Totally agree with A, it fits the requirement perfectly!
upvoted 0 times
...
Justine
3 months ago
Wait, can we really restrict a CMK like that?
upvoted 0 times
...
Rodney
4 months ago
I think Option B is more secure.
upvoted 0 times
...
Sheldon
4 months ago
Option A allows S3 actions only.
upvoted 0 times
...
Geraldine
4 months ago
I think both options could be valid, but I need to double-check which one actually enforces the S3-only requirement.
upvoted 0 times
...
Glenn
4 months ago
I feel like Option A might be the right choice, but I can't recall if it explicitly limits the usage to S3.
upvoted 0 times
...
Leatha
4 months ago
This seems similar to a practice question we did on IAM policies. I think it might be about specifying the actions allowed for the key.
upvoted 0 times
...
Jesusita
5 months ago
I remember studying key policies, but I'm not entirely sure which option restricts the CMK to only S3 actions.
upvoted 0 times
...
Melvin
5 months ago
The question is straightforward, and Option B clearly addresses the new requirement. I'm confident that's the correct answer.
upvoted 0 times
...
Hannah
5 months ago
Okay, I see the key policy statement in Option B specifically limits the CMK to S3 actions. That seems to match the requirement, so I'll go with that.
upvoted 0 times
...
Gertude
5 months ago
This looks like a tricky one. I'll need to carefully read through the question and options to understand the key policy requirements.
upvoted 0 times
...
Corrie
5 months ago
Hmm, the new requirement is that the CMK can only be used for S3 actions. I think Option B might be the right answer, but I'll double-check the details.
upvoted 0 times
...
Anisha
5 months ago
Okay, I've got this. The key here is to focus on improving the consistency and sharing of answers among the agents. That means we need a centralized knowledge base where they can access and contribute solutions. The other options don't really address that core issue.
upvoted 0 times
...
Jose
5 months ago
Oof, out-of-memory errors can be tricky. I'd start by reducing the batch size and see if that does the trick. Changing the optimizer or learning rate could also work, but the batch size seems like the most straightforward solution.
upvoted 0 times
...
Garry
5 months ago
I'm pretty sure this is asking about network-based intrusion detection systems, so I'll go with option D.
upvoted 0 times
...
Jerlene
5 months ago
Income tax and maybe social security? That feels like a similar question we had on our last practice test.
upvoted 0 times
...
Derick
10 months ago
Option B? More like Option 'Bingo!' Am I right, folks? *crickets* Tough crowd.
upvoted 0 times
...
Casey
10 months ago
Option B all the way! Though I have to say, the exam writers really love tripping us up with these seemingly straightforward questions. Can't let my guard down for a second!
upvoted 0 times
Theola
9 months ago
You make a good point. I'll have to reconsider my choice and double-check the requirements.
upvoted 0 times
...
Nickolas
9 months ago
Really? I'm leaning towards Option B because it specifically mentions S3 actions.
upvoted 0 times
...
Kristin
9 months ago
I agree, these questions can be tricky. But I think Option A is the correct one in this case.
upvoted 0 times
...
...
Sarina
10 months ago
Hold up, are we sure the key policy is the right place to add this restriction? Shouldn't we be looking at the IAM policy instead? Hmm, maybe I need to brush up on my AWS security knowledge.
upvoted 0 times
Otis
9 months ago
User 3: Maybe we should also review the IAM policy to ensure complete security.
upvoted 0 times
...
Dino
9 months ago
User 2: Yeah, that sounds right. Option A seems to address that requirement.
upvoted 0 times
...
Lawrence
9 months ago
User 1: I think we should add a condition to the key policy to restrict S3 actions only.
upvoted 0 times
...
...
Ashlee
10 months ago
Option A looks like it's trying to restrict the CMK to only a specific IAM user, which doesn't align with the requirement. Option B seems more on point.
upvoted 0 times
Jordan
8 months ago
Yes, Option B clearly specifies that the CMK can only be used for S3 actions.
upvoted 0 times
...
James
8 months ago
We should definitely go with Option B to meet the new requirement.
upvoted 0 times
...
Jackie
8 months ago
I agree, Option B seems more on point.
upvoted 0 times
...
Gary
9 months ago
Option A looks like it's trying to restrict the CMK to only a specific IAM user, which doesn't align with the requirement.
upvoted 0 times
...
...
Lawanda
10 months ago
I think Option B is the correct answer. Limiting the CMK to only S3 actions seems like the logical choice to meet the new requirement.
upvoted 0 times
...
Pearly
11 months ago
I disagree, I believe statement B is more specific and clearly defines the restriction to S3 actions.
upvoted 0 times
...
Sue
11 months ago
I agree with Lavonna, statement A seems to restrict the CMK usage to only S3 actions.
upvoted 0 times
...
Lavonna
11 months ago
I think the company should add statement A to the key policy.
upvoted 0 times
...

Save Cancel