🔥 3-day streak
AWS Certified Security - Specialty101 / 184
Question 101 of 184

A company encrypts objects in an S3 bucket in Account A using a customer managed KMS key. A data-analytics application running under an IAM role in Account B must be able to read and decrypt these objects. The security team wants to grant the minimum access required and follow AWS best practices for cross-account KMS access. Which combination of configuration steps correctly enables Account B to decrypt the objects?

Reviewed for accuracy · Report an issueNext question