{"id":105,"date":"2021-01-04T08:09:47","date_gmt":"2021-01-04T08:09:47","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question098\/"},"modified":"2021-01-04T08:09:47","modified_gmt":"2021-01-04T08:09:47","slug":"aws-certified-security-specialty-scs-c01-question098","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question098\/","title":{"rendered":"AWS Certified Security &#8211; Specialty SCS-C01 &#8211; Question098"},"content":{"rendered":"<div class=\"question\">A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using the account expects to have hundreds of master keys and therefore does not want to manage access control for customer master keys (CMKs). Which of the following will allow the team to manage AWS KMS permissions in IAM without the complexity of editing individual key policies? <br \/><strong><br \/>A.<\/strong> The account\u2019s CMK key policy must allow the account\u2019s IAM roles to perform KMS EnableKey. <br \/><strong>B.<\/strong> Newly created CMKs must have a key policy that allows the root principal to perform all actions. <br \/><strong>C.<\/strong> Newly created CMKs must allow the root principal to perform the kms CreateGrant API operation. <br \/><strong>D.<\/strong> Newly created CMKs must mirror the IAM policy of the KMS key administrator.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>D<\/strong><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using the account expects to have hundreds of master keys and therefore does not want to manage access control for customer master keys (CMKs). Which of the following will allow the team to manage AWS [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,101],"class_list":["post-105","post","type-post","status-publish","format-standard","hentry","category-aws-certified-security-specialty-scs-c01","tag-aws-certified-security-specialty-scs-c01","tag-question-098"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/posts\/105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/comments?post=105"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/posts\/105\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/media?parent=105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/categories?post=105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/tags?post=105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}