DEA-C01 Data Security and Governance • Set 2
DEA-C01 Data Security and Governance Practice Test 2 — 15 questions with explanations. Free, no signup.
A healthcare company uses AWS Glue to process patient data stored in Amazon S3. The data is encrypted at rest using SSE-KMS with a customer managed key. The Glue ETL job runs on a schedule and reads from an S3 bucket, transforms the data, and writes to another S3 bucket also encrypted with the same KMS key. Recently, the security team rotated the KMS key. After the rotation, the Glue job started failing with 'AccessDenied' errors when trying to read from the source bucket. The Glue job's IAM role has permissions to use the KMS key (kms:Decrypt, kms:GenerateDataKey). The S3 bucket policies allow the role to read/write. What is the MOST likely cause of the failure?