Topic 1 Question 70
A company is partnering with an external vendor to provide data processing services. For this integration, the vendor must host the company's data in an Amazon S3 bucket in the vendor's AWS account. The vendor is allowing the company to provide an AWS Key Management Service (AWS KMS) key to encrypt the company's data. The vendor has provided an IAM role Amazon Resources Name (ARN) to the company for this integration. What should a SysOps administrator do to configure this integration?
Create a new KMS key. Add the vendor's IAM role ARN to the KMS key policy. Provide the new KMS key ARN to the vendor.
Create a new KMS key. Create a new IAM key. Add the vendor's IAM role ARN to an inline policy that is attached to the IAM user. Provide the new IAM user ARN to the vendor.
Configure encryption using the KMS managed S3 key. Add the vendor's IAM role ARN to the KMS key policy. Provide the KMS managed S3 key ARN to the vendor.
Configure encryption using the KMS managed S3 key. Create an S3 bucket. Add the vendor's IAM role ARN to the S3 bucket policy. Provide the S3 bucket ARN to the vendor.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: A
The vendor is required to host the S3 bucket. It holds the company's data. The vendor wants to use a company-provided key to encrypt the data. So the company needs to create the new key and then provide access to that key from the IAM role which was provided by the vendor. (Answer: A)
D - Can't be D as that would mean the company is hosting the data (not the vendor). D is hosting the data at the company and providing access to the data to the vendor.
👍 9fedorian2022/11/13 - 正解だと思う選択肢: A
The explanation alludes to A
👍 3Kinetix2022/10/04 - 正解だと思う選択肢: A
It's A guys.
👍 3spaget2022/10/28
シャッフルモード
