CLF-C02 Security and Compliance • Set 10
CLF-C02 Security and Compliance Practice Test 10 — 15 questions with explanations. Free, no signup.
A company stores sensitive financial reports in an Amazon S3 bucket. The company's security policy mandates that all objects be encrypted at rest using an AWS KMS customer-managed key. The security team wants to ensure that only the 'Auditors' IAM role can decrypt the objects, even though the S3 bucket policy allows read access to a broader set of users. Which of the following steps must the security team take to enforce this access control?