
  • AWS Certified Security Specialty Practice Exam – Question Bank Updates

  • SaiScythe

    Member
    August 6, 2021 at 2:02 am

    I have a clarification on this question because I am very confused about the answer as to why it is about a grant.

    A Security Administrator is troubleshooting an issue whereby an IAM user with full EC2 permissions could not start an EC2 instance after it was stopped for server maintenance. The instance state would change to Pending when the user tries to start the instance, however, it would go back to Stopped state right after a few seconds. As per initial investigation, there are EBS volumes attached to the instance that were encrypted with a Customer Master Key (CMK). The administrator noticed that the IAM user was able to start the EC2 instance when the encrypted volumes were detached. The Administrator also confirmed that the CMK key in the user policy is correct.

    So the IAM policy attached to the user allows any EC2 actions on the batanes-key. Given the conditions above, if we are to check the issue, it has something to do with the user being unable to decrypt the encrypted volumes, because if they are attached, there is an issue; if they are detached, there is no issue. When I created a grant for a user in my account, I was prompted to add operations, e.g. Encrypt, Decrypt, GenerateDataKey, etc., but the answer just says:

    Add kms:CreateGrant in the Action element.

    Add "Condition": { "Bool": { "kms:GrantIsForAWSResource": true } }

    So what actions for CreateGrant are we going to grant to the user? When I created a grant in my account, I had to specify the operation. Sample:

    I created a KMS grant on my user using the below command

    aws kms create-grant --key-id a1e630d0-5491-455d-bed6-d59dc49b5971 --grantee-principal arn:aws:iam::myaccountid:user/test-user-name --operations "specify actions here"

    C:\Users\users>aws kms list-grants --key-id a1e630d0-5491-455d-bed6-d59dc49b5971
    {
        "Grants": [
            {
                "KeyId": "arn:aws:kms:us-east-1:myaccountid:key/a1e630d0-5491-455d-bed6-d59dc49b5971",
                "GrantId": "38cd6d72d0325d54f0110784bbe2bc824f5d84d5fb54952ceda9747e478f1a63",
                "Name": "",
                "CreationDate": 1628184521.0,
                "GranteePrincipal": "arn:aws:iam::myaccountid/test-user-name",
                "IssuingAccount": "arn:aws:iam::myaccountid:root",
                "Operations": [
                    "Encrypt"
                ]
            }
        ]
    }

    https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html — here the operations are specified

    {
        "Operations": [
            "Encrypt",
            "Decrypt"
        ],
        "GranteePrincipal": "arn:aws:iam::111122223333:role/ExampleRole",
        "KeyId": "arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"
    }

    Should we not create a grant with the Decrypt operation as part of the answer? Hoping for clarification on this. Thanks.
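
Added example, not part of the original post or of the practice exam: a simplified Python model (not AWS's policy engine) of how the statement quoted in the post is evaluated. When EC2 starts an instance with encrypted EBS volumes, the CreateGrant request is made on the user's behalf, so `kms:GrantIsForAWSResource` is true; the same user running `aws kms create-grant` directly is not covered by the statement. The key ARN and the "before" policy are constructed placeholders.

```python
# Simplified model of IAM Allow-statement matching, for illustration only.
# It handles exact action/resource matches and Bool conditions, nothing else.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder

# Constructed "before" policy: KMS data-plane actions only, no kms:CreateGrant.
POLICY_BEFORE = {"Statement": [
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:DescribeKey"],
     "Resource": KEY_ARN},
]}

# "After" policy: adds the Action and Condition quoted in the post.
POLICY_AFTER = {"Statement": POLICY_BEFORE["Statement"] + [
    {"Effect": "Allow", "Action": ["kms:CreateGrant"], "Resource": KEY_ARN,
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": True}}},
]}


def is_allowed(policy, action, resource, context):
    """Return True if some Allow statement matches; otherwise implicit deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        if stmt["Resource"] != resource:
            continue
        bool_conds = stmt.get("Condition", {}).get("Bool", {})
        # Every Bool condition key must be present in the request context
        # with exactly the required value.
        if all(context.get(k) == v for k, v in bool_conds.items()):
            return True
    return False


def evaluate_scenarios(policy):
    """Evaluate the two CreateGrant requests discussed in the thread."""
    # EC2/EBS issues CreateGrant for the user while starting the instance;
    # the service, not the user, chooses the grant's operations.
    via_service = {"kms:GrantIsForAWSResource": True}
    # The user runs `aws kms create-grant` themselves.
    direct = {"kms:GrantIsForAWSResource": False}
    return {
        "start_instance_grant": is_allowed(policy, "kms:CreateGrant", KEY_ARN, via_service),
        "direct_cli_grant": is_allowed(policy, "kms:CreateGrant", KEY_ARN, direct),
    }


if __name__ == "__main__":
    for name, pol in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        print(name, evaluate_scenarios(pol))
```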

  • Joy-TutorialsDojo

    Member
    September 8, 2021 at 10:09 pm

    Routine question bank updates.

  • Lakitu

    Member
    September 15, 2021 at 11:45 pm

    What size is the question bank for the AWS Certified Security Specialty Practice Exam course? How many questions total? Trying to gauge when I am complete with reviewing all questions. I have completed both Timed Exams, which I think all the questions are unique totaling about 130 questions. Are there other unique questions I will encounter when I do the Final Mock Exam at the end of the course? I am seeing the questions repeat themselves in the review and section based sections. Thanks!

  • Joy-TutorialsDojo

    Member
    September 19, 2021 at 7:58 pm

    Routine question bank updates.

  • Joy-TutorialsDojo

    Member
    October 3, 2021 at 2:56 pm

    Routine question bank updates.

  • Joy-TutorialsDojo

    Member
    October 22, 2021 at 5:46 pm

    Routine question bank updates.
