-
Hello lvalette,
Thanks for raising this concern. We’ve reviewed the item and made updates to ensure it aligns with the latest AWS documentation and exam best practices.
The question and explanation have been refined to clearly emphasize organization-wide enforcement, preventive controls, and mandatory use of a specific customer-managed AWS KMS key. The updated explanation now correctly reflects how AWS services use KMS keys, the role of key policies in enforcing least privilege, and why Service Control Policies (SCPs) are required to prevent the creation of noncompliant Amazon S3 and DynamoDB resources across multiple AWS accounts.
Thank you for helping us improve the quality and accuracy of our AWS practice exams. If you have any other questions or spot anything else, feel free to let us know—we’re happy to help.
Cheers,
Irene @ Tutorials Dojo
