A Security Engineer is looking for a way to control access to data that is being encrypted under a CMK. The Engineer is also looking to use additional authenticated data (AAD) to prevent tampering with ciphertext. Which action would provide the required functionality?
A) Pass the key alias to AWS KMS when calling Encrypt and Decrypt API actions. Pass the key alias to AWS KMS when calling Encrypt and Decrypt API actions.
B) Use IAM policies to restrict access to Encrypt and Decrypt API actions. Use IAM policies to restrict access to
C) Use kms:EncryptionContext as a condition when defining IAM policies for the CMK. Use kms:EncryptionContext as a condition when defining IAM policies for the CMK.
D) Use key policies to restrict access to the appropriate IAM groups.
Correct Answer:
Verified
Q130: An organization is using Amazon CloudWatch Logs
Q131: What are the MOST secure ways to
Q132: The Security Engineer for a mobile game
Q133: A Security Engineer discovered a vulnerability in
Q134: An Amazon EC2 instance is part of
Q136: The Security Engineer is managing a web
Q137: A company has multiple production AWS accounts.
Q138: Compliance requirements state that all communications between
Q139: The Security Engineer is given the following
Q140: A company maintains sensitive data in an
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents