  • Incorrect question

  • lvalette

    Member
    February 4, 2026 at 10:13 pm

    Incorrect question:

    A company manages multiple AWS accounts in AWS Organizations to handle critical data and transactional systems. They deal with a significant volume of sensitive information. The company stores data in both Amazon S3 and Amazon DynamoDB. Data processing and analysis are using AWS Lambda.

    To ensure the utmost data security, the company needs to implement a solution that encrypts all sensitive data at rest and enforces the principle of least privilege data access controls. The company has created a customer-managed key in AWS Key Management Service (AWS KMS) for encryption purposes and must use the key for all encryptions.

    What should the company do next to meet these requirements?

    The following is a good answer, and even more than the one given:

    Enable server-side encryption for Amazon S3 buckets and Amazon DynamoDB. Attach an IAM policy that allows kms:Decrypt action to a Lambda IAM role. Set up an AWS Config rule to issue alerts for resources lacking encryption with the key.

  • Irene-TutorialsDojo

    Administrator
    February 5, 2026 at 12:35 pm

    Hello lvalette,

    Thanks for raising this concern. We’ve reviewed the item and made updates to ensure it aligns with the latest AWS documentation and exam best practices.

    The question and explanation have been refined to clearly emphasize organization-wide enforcement, preventive controls, and mandatory use of a specific customer-managed AWS KMS key. The updated explanation now correctly reflects how AWS services use KMS keys, the role of key policies in enforcing least privilege, and why Service Control Policies (SCPs) are required to prevent the creation of noncompliant Amazon S3 and DynamoDB resources across multiple AWS accounts.

    Thank you for helping us improve the quality and accuracy of our AWS practice exams. If you have any other questions or spot anything else, feel free to let us know—we’re happy to help.

    Cheers,

    Irene @ Tutorials Dojo

  • lvalette

    Member
    February 5, 2026 at 4:13 pm

    Thanks for your quick and detailed answer, we agree on that.

    Cheers

    • Irene-TutorialsDojo

      Administrator
      February 6, 2026 at 12:23 pm

      Thanks for confirming, and we appreciate the discussion as well.

      If anything else comes up or if there are other items you’d like us to review, feel free to reach out anytime. Happy studying! 🚀
