🔥 3-day streak
AWS Certified SysOps Administrator - Associate96 / 150
Question 96 of 150

A SysOps administrator must prove to auditors that a specific Lambda function is the only workload decrypting sensitive records with a customer managed KMS key, and that each decryption request can be tied to a particular tenant. The team currently uses a shared symmetric CMK. Which approach best meets these requirements with the least custom code?

Reviewed for accuracy · Report an issueNext question