AWS Certified Security – Specialty SCS-C01 – Question288

A company stores sensitive documents in Amazon S3 by using server-side encryption with an AWS Key Management Service (AWS KMS) CMK. A new requirement mandates that the CMK that is used for these documents can be used only for S3 actions.
Which statement should the company add to the key policy to meet this requirement?

A.


B.

C.

D.

Correct Answer: B