🔥 3-day streak
AWS Certified Security - Specialty105 / 184
Question 105 of 184
A security engineer creates a customer managed KMS key using the AWS CLI and specifies a custom key policy. The policy grants encrypt/decrypt permissions to a specific application IAM role but does NOT include any statement granting the account root principal access, and it does not enable IAM policies to control the key. Several weeks later, the application role is accidentally deleted during a cleanup, and no other principal can manage or use the key. What is the state of the key and the recommended prevention?
Reviewed for accuracy · Report an issueNext question