Exam AWS Certified Security - Specialty topic 1 question 41 discussion

Most of the Parameter Store failures related to CMKs are caused by the following problems: The credentials that an application is using do not have permission to perform the specified action on the CMK. To fix this error, run the application with different credentials or revise the IAM or key policy that is preventing the operation. For help with AWS KMS IAM and key policies, see Authentication and Access Control for AWS KMS. The CMK is not found. This typically happens when you use an incorrect identifier for the CMK. Find the correct identifiers for the CMK and try the command again. The CMK is not enabled. When this occurs, Parameter Store returns an InvalidKeyId exception with a detailed error message from AWS KMS. If the CMK state is Disabled, enable it. If it is Pending Import, complete the import procedure. If the key state is Pending Deletion, cancel the key deletion or use a different CMK. To find the key state of a CMK in the AWS KMS console, on the Customer managed keys or AWS managed keys page, see the Status column. To use the AWS KMS API to find the status of a CMK, use the DescribeKey operation.

Answer A, D https://docs.amazonaws.cn/en_us/kms/latest/developerguide/services-parameter-store.html

KMS key is either disabled, or does not exist. AD.

A and D

A and D , similar to other questions asked

A & D is the Answer

A and D for sure

AD it is

Ans: AD 100%

A & D are correct

Ans > A,D

Ans (A & D)

Ans (A & D)

C cant be right as you can use either KeyID or Key ARN to get Parameter, example from AWS documentation aws ssm put-parameter --name param1 --value "secret" --type SecureString --key-id 1234abcd-12ab-34cd-56ef-1234567890ab aws ssm put-parameter --name MyParameter --value "secret_value" --type SecureString --tier Advanced --key-id arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

I also will choose A+D

AD correct

I would like to say A & D