What is the function of the following IAM Key Management Service (KMS) key policy attached to a customer master key (CMK)? [image: https://examprepare.s3.amazonaws.com/Amazon/SCS-C01_Exam_Amazon_Specialty_2025_126-0.png]
A Security Engineer who was reviewing IAM Key Management Service (IAM KMS) key policies found this statement in each key policy in the company IAM account. What does the statement allow?
A Software Engineer wrote a customized reporting service that will run on a fleet of Amazon EC2 instances. The company security policy states that application logs for the reporting service must be centrally collected. What is the MOST efficient way to meet these requirements?
A Security Engineer is trying to determine whether the encryption keys used in an IAM service are in compliance with certain regulatory standards. Which of the following actions should the Engineer perform to get further guidance?
An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported. Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
A global company that deals with International finance is investing heavily in cryptocurrencies and wants to experiment with mining technologies using IAM. The company's security team has enabled Amazon GuardDuty and is concerned by the number of findings being generated by the accounts. The security team wants to minimize the possibility of GuardDuty finding false negatives for compromised instances that are performing mining How can the security team continue using GuardDuty while meeting these requirements?
