This certification preparation material would help you in getting the jobs in the AWS Fields

AWS Developer Certification : Associate Level AWS Sysops Administrator Certification : Assciate Level AWS Solution Architect Certification : Associate Level AWS Soltion Architect : Professional Level AWS Certified Security Specialty (SCS-C01) AWS Professional certification Exam AWS Certified Big Data – Specialty (BDS-C00) AWS Certified Machine Learning MLS C01 Certification Prepration Materal AWS Solution Architect : Training Associate AWS Advanced Networking Certifications AWS Exam Prepare : Kinesis Data Stream Book : AWS Solution Architect Associate : Little Guide AWS Security Specialization Certification: Little Guide SCS-C01 AWS Package Deal

While applying to the Job you need to mention referred by : | or Website :


copy its bad Karma

Question-8: You have department wise grouped IAM identities and each department is using different CMKs to do cryptographic operations. As of now there are no proper access controls are in place. You wanted to setup control access on CMKs such that if one user have permission on one CMK then he should be able to delegate the permissions to another user. In this case which of the below is suitable.

  1. It require only Key policy setup
  2. It require only IAM policy setup
  3. It require IAM policy and grants in place.
  4. It require Key policy and grants

Ans: D

Detailed Explanation: Controlling Access to AWS KMS CMKs: You will be using following ways to control access to a CMK.

  1. Using Key Policy: You can use single Key Policy document to define the access control.
  2. IAM Policy + Key Policy: In this way you can manage all of the permissions for your IAM identities.
  3. Grant + Key Policy: You can use grant and Key policy to allow access to CMK. In Key policy you control the access to the CMK and also allow users to delegate their access to others.

To allow access to KMS CMK, you must use Key Policy (Remember: That is a mandate). You can use any of the above combination to control the access to CMK. IAM policy alone are not enough to control the access for CMKs. For most of the other services IAM policies are enough but this is not the case with KMS.