🔥 3-day streak
AWS Certified Developer - Associate77 / 150
Question 77 of 150

A developer is building a document management service that encrypts tenant files using AWS KMS. Each file belongs to a specific tenant, and the security team requires that a decryption request must fail if it does not specify the same tenant identifier that was used at encryption time, without creating a separate KMS key per tenant. Which approach satisfies this requirement?

Reviewed for accuracy · Report an issueNext question