ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 214 - SCS-C01 discussion

Report
Export

The AWS Systems Manager Parameter Store is being used to store database passwords used by an AWS Lambda function. Because this is sensitive data, the parameters are stored as type SecureString and protected by an AWS KMS key that allows access through IAM. When the function executes, this parameter cannot be retrieved as the result of an access denied error. Which of the following actions will resolve the access denied error?

A.
Update the ssm.amazonaws.com principal in the KMS key policy to allow kms: Decrypt.
Answers
A.
Update the ssm.amazonaws.com principal in the KMS key policy to allow kms: Decrypt.
B.
Update the Lambda configuration to launch the function in a VPC.
Answers
B.
Update the Lambda configuration to launch the function in a VPC.
C.
Add a policy to the role that the Lambda function uses, allowing kms: Decrypt for the KMS key.
Answers
C.
Add a policy to the role that the Lambda function uses, allowing kms: Decrypt for the KMS key.
D.
Add lambda.amazonaws.com as a trusted entity on the IAM role that the Lambda function uses.
Answers
D.
Add lambda.amazonaws.com as a trusted entity on the IAM role that the Lambda function uses.
Suggested answer: C

Explanation:

https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.KMSCreatePolicy.html

asked 16/09/2024
Raed Alshehri
50 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first