DVA-C02 Development with AWS Services • Set 13
DVA-C02 Development with AWS Services Practice Test 13 — 15 questions with explanations. Free, no signup.
The IAM policy above is attached to a user. The user tries to decrypt a KMS key with encryption context {"department": "finance"}. What will happen?
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kms:Decrypt",
"Resource": "arn:aws:kms:us-east-1:123456789012:key/abc123",
"Condition": {
"StringEquals": {
"kms:EncryptionContext:department": "finance"
}
}
},
{
"Effect": "Deny",
"Action": "kms:Decrypt",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"kms:EncryptionContext:department": "finance"
}
}
}
]
}