An organization has three applications running on AWS, each accessing the same data on Amazon S3. The data on Amazon S3 is server-side encrypted by using an AWS KMS Customer Master Key (CMK) . What is the recommended method to ensure that each application has its own programmatic access control permissions on the KMS CMK?
A) Change the key policy permissions associated with the KMS CMK for each application when it must access the data in Amazon S3.
B) Have each application assume an IAM role that provides permissions to use the AWS Certificate Manager CMK.
C) Have each application use a grant on the KMS CMK to add or remove specific access controls on the KMS CMK.
D) Have each application use an IAM policy in a user context to have specific access permissions on the KMS CMK.
Correct Answer:
Verified
Q138: Compliance requirements state that all communications between
Q139: The Security Engineer is given the following
Q140: A company maintains sensitive data in an
Q141: A company manages three separate AWS accounts
Q142: A company has several production AWS accounts
Q144: While analyzing a company's security solution, a
Q145: A company has two AWS accounts, each
Q146: A Security Engineer is working with the
Q147: A company plans to migrate a sensitive
Q148: A Web Administrator for the website example.com
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents