AWS Certified Security – Specialty SCS-C01 – Question199

A company has an application hosted in an Amazon EC2 instance and wants the application to access secure strings stored in AWS Systems Manager Parameter Store. When the application tries to access the secure string key value, it fails.
Which factors could be the cause of this failure? (Choose two.)

A.
The EC2 instance role does not have decrypt permissions on the AWS Key Management Service (AWS KMS) key used to encrypt the secret.
B. The EC2 instance role does not have read permissions to read the parameters in Parameter Store.
C. Parameter Store does not have permission to use AWS Key Management Service (AWS KMS) to decrypt the parameter.
D. The EC2 instance role does not have encrypt permissions on the AWS Key Management Service (AWS KMS) key associated with the secret.
E. The EC2 instance does not have any tags associated.

Correct Answer: BC