Winter Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

A security engineer is responding to an incident that is affecting an AWS account.

Amazon Web Services SCS-C03 Full Course Access
Amazon Web Services SCS-C03 View All Questions

A security engineer is responding to an incident that is affecting an AWS account. The ID of the account is 123456789012. The attack created workloads that are distributed across multiple AWS Regions.

The security engineer contains the attack and removes all compute and storage resources from all affected Regions. However, the attacker also created an AWS KMS key. The key policy on the KMS key explicitly allows IAM principal kms:* permissions.

The key was scheduled to be deleted the previous day. However, the key is still enabled and usable. The key has an ARN of

arn:aws:kms:us-east-2:123456789012:key/mrk-0bb0212cd9864fdea0dcamzo26efb5670.

The security engineer must delete the key as quickly as possible.

Which solution will meet this requirement?

A.

Log in to the account by using the account root user credentials. Re-issue the deletion request for the KMS key with a waiting period of 7 days.

B.

Identify the other Regions where the KMS key ID is present and schedule the key for deletion in 7 days.

C.

Update the IAM principal to allow kms:* permissions on the KMS key ARN. Re-issue the deletion request for the KMS key with a waiting period of 7 days.

D.

Disable the KMS key. Re-issue the deletion request for the KMS key in 30 days.

SCS-C03 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SCS-C03 pdf
Get 60% Discount on All Products, Use Coupon: "8w52ceb345"
Next
A company’s developers are using AWS Lambda function URLs to invoke functions directly.
A company begins to use AWS WAF after experiencing an increase in traffic to the...
Previous