🔥 3-day streak
AWS Certified Security - Specialty112 / 184
Question 112 of 184

A company granted a partner's AWS account temporary access to decrypt objects protected by a customer managed KMS key. Access was originally provisioned using a KMS grant created by a Lambda function. The partnership has now ended, and the security team must ensure the partner can no longer perform any Decrypt operations with the key as quickly as possible, without impacting the many internal applications that continue to use the same key. Which action BEST meets this requirement?

Reviewed for accuracy · Report an issueNext question