Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

A security engineer is implementing a logging solution for a company's AWS environment.

Amazon Web Services SCS-C02 Full Course Access
Amazon Web Services SCS-C02 View All Questions

A security engineer is implementing a logging solution for a company's AWS environment. The security engineer has configured an AWS CloudTrail trail in the company's AWS account. The logs are stored in an Amazon S3 bucket for a third-party service provider to monitor. The service provider has a designated 1AM role to access the S3 bucket.

The company requires all logs to be encrypted at rest with a customer managed key. The security engineer uses AWS Key Management Service (AWS KMS) lo create the customer managed key and key policy. The security engineer also configures CloudTrail to use the key to encrypt the trail.

When the security engineer implements this configuration, the service provider no longer can read the logs.

What should the security engineer do to allow the service provider to read the logs?

A.

Ensure that the S3 bucket policy allows access to the service provider's role to decrypt objects.

B.

Add a statement to the key policy to allow the service provider's role the kms: Decrypt action (or the key.

C.

Add the AWSKeyManagementServicePowerUser AWS managed policy to the service provider's role.

D.

Migrate the key to AWS Certificate Manager (ACM) to create a shared endpoint for access to the key.

SCS-C02 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SCS-C02 pdf
Get 60% Discount on All Products, Use Coupon: "8w52ceb345"
Next
A company's cloud operations team is responsible for building effective security for IAM cross-account access.
A company is operating a website using Amazon CloudFornt.
Previous