🔥 3-day streak
AWS Certified Security - Specialty98 / 184
Question 98 of 184
A security engineer manages a single KMS customer managed key used by multiple project teams. The compliance team requires that each team can only use the key to encrypt/decrypt data associated with their own project, distinguished by a request tag. The engineer wants to control this authorization through the KMS key policy without creating a separate key per team. Which approach correctly enforces per-team access using KMS cryptographic operations?
Reviewed for accuracy · Report an issueNext question