Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 78 Topic 8 Discussion

SCS-C02 Exam Topic 8 Question 78 Discussion:

Question #: 78

Topic #: 8

An Application team has requested a new IAM KMS master key for use with Amazon S3, but the organizational security policy requires separate master keys for different IAM services to limit blast radius.
How can an IAM KMS customer master key (CMK) be constrained to work with only Amazon S3?

Configure the CMK key policy to allow only the Amazon S3 service to use the kms Encrypt action

Configure the CMK key policy to allow IAM KMS actions only when the kms ViaService condition matches the Amazon S3 service name.

Configure the IAM user's policy lo allow KMS to pass a rote lo Amazon S3

Configure the IAM user's policy to allow only Amazon S3 operations when they are combined with the CMK

Get Premium SCS-C02 Questions

Actual exam question for Amazon Web Services SCS-C02 exam by Talon6582 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 78 Topic 8 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 78 Topic 8 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 78 Topic 8 Discussion

Amazon Web Services AWS Certified Security - Specialty SCS-C02 Question # 78 Topic 8 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval