New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C02 Discussions
  6. SCS-C02 Exam Topic 6 Question 57 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 57 Topic 6 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 57 Topic 6 Discussion

SCS-C02 Exam Topic 6 Question 57 Discussion:
Question #: 57
Topic #: 6

A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS) customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the company wants to prevent Amazon EC2 from using the key.

Which solution will meet these requirements?
A.

Create an IAM policy that explicitly denies permission to the key. Attach the policy to all EC2 instance profiles. Create an IAM policy that explicitly allows permission to the key. Attach the policy to all Lambda function roles.

B.

Create a custom key policy for the key. Use the kms:ViaService condition key to deny access to requests from Amazon EC2 and to allow access to requests from Lambda. Use the Lambda IAM role as the principal.

C.

Create a custom key policy for the key. Use the aws:SourceIp condition key to deny access to requests from Amazon EC2. Use the aws:AuthorizedService condition key to allow access to requests from Lambda. Use the Lambda IAM role as the principal.

D.

Create an SCP that explicitly denies permission to the key for Amazon EC2 and explicitly allows permission to the key for Lambda. Attach the SCP to the AWS account.

Get Premium SCS-C02 Questions
Actual exam question for Amazon Web Services SCS-C02 exam by Sage14828 at Nov 17, 2025, 8:08:25 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next