What additional items need to be added to the IAM user policy?

An IAM user with fill EC2 permissions could bot start an Amazon EC2 instance after it was stopped for a maintenance task. Upon starting the instance, the instance state would change to “Pending”, but after a few seconds, it would switch back to “Stopped”.

An inspection revealed that the instance has attached Amazon EBS volumes that were encrypted by using a Customer Master Key (CMK). When these encrypted volumes were detached, the IAM user was able to start the EC2 instances.

The IAM user policy is as follows:

What additional items need to be added to the IAM user policy? (Choose two.)
A . kms:GenerateDataKey
B . kms:Decrypt
C . kms:CreateGrant
D . “ Condition”: {
“Bool”: {
“kms:ViaService”: “ec2.us-west-2.amazonaws.com”
}
}

E . “Condition”: {
“Bool”: {
“kms:GrantIsForAWSResource”: true
}
}

Answer: AD

Latest SCS-C01 Dumps Valid Version with 470 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments