What additional items need to be added to the IAM user policy? (Choose two.)

adminFebruary 7, 2020

An IAM user with fill EC2 permissions could bot start an Amazon EC2 instance after it was stopped for a maintenance task. Upon starting the instance, the instance state would change to “Pending”, but after a few seconds, it would switch back to “Stopped”.

An inspection revealed that the instance has attached Amazon EBS volumes that were encrypted by using a Customer Master Key (CMK). When these encrypted volumes were detached, the IAM user was able to start the EC2 instances.

The IAM user policy is as follows:

What additional items need to be added to the IAM user policy? (Choose two.)

A. kms:GenerateDataKey

B. kms:Decrypt

C. kms:CreateGrant

D. “Condition”: {
“Bool”: {
“kms:ViaService”: “ec2.us-west-2.amazonaws.com”
}
}

E. “Condition”: {
“Bool”: {
“kms:GrantIsForAWSResource”: true
}
}

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

Briefing Amazon Knowledge

Free Amazon study guide

What additional items need to be added to the IAM user policy? (Choose two.)

Leave a Reply Cancel reply