Topic 1 Question 554
A developer has an application that runs in AWS Account A. The application must retrieve an AWS Secrets Manager secret that is encrypted by an AWS Key Management Service (AWS KMS) key from AWS Account B. The application’s role has permissions to access the secret in Account B.
The developer must add a statement to the KMS key’s key policy to allow the role in Account A to use the KMS key in Account B. The permissions must grant least privilege access to the role.
Which permissions will meet these requirements?
kms:Decrypt and kms:DescribeKey
secretsmanager:DescribeSecret and secretsmanager:GetSecretValue
kms:*
secretsmanager:*
ユーザの投票
コメント(2)
- 正解だと思う選択肢: A
least priviliges
👍 10bdf3af2025/03/02 - 正解だと思う選択肢: A
Padrão de menor privilégios. O acesso é a chave KMS e não a secret
👍 1Dadasar2025/03/03
シャッフルモード