Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C03 Discussions
  6. SCS-C03 Exam Topic 3 Question 28 Discussion

Amazon Web Services AWS Certified Security – Specialty SCS-C03 Question # 28 Topic 3 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Security – Specialty SCS-C03 Question # 28 Topic 3 Discussion

SCS-C03 Exam Topic 3 Question 28 Discussion:
Question #: 28
Topic #: 3

A company is building a secure solution that relies on an AWS Key Management Service (AWS KMS) customer managed key. The company wants to allow AWS Lambda to use the KMS key. However, the company wants to prevent Amazon EC2 from using the key.

Which solution will meet these requirements?
A.

Use IAM explicit deny for EC2 instance profiles and allow for Lambda roles.

B.

Use a KMS key policy with kms:ViaService conditions to allow Lambda usage and deny EC2 usage.

C.

Use aws:SourceIp and aws:AuthorizedService condition keys in the KMS key policy.

D.

Use an SCP to deny EC2 and allow Lambda.

Get Premium SCS-C03 Questions
Actual exam question for Amazon Web Services SCS-C03 exam by Orion34386 at Feb 10, 2026, 10:14:44 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next