Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A security engineer is setting up an AWS CloudTrail trail for all regions in an...

  1. Home
  2. Amazon Web Services
  3. AWS Certified Specialty
  4. SCS-C02
  5. SCS-C02 Questions
  6. AWS Certified Security - Specialty Practice Questions

A security engineer is setting up an AWS CloudTrail trail for all regions in an AWS account. For added security, the logs are stored using server-side encryption with AWS KMS-managed keys (SSE-KMS) and have log integrity validation enabled.

While testing the solution, the security engineer discovers that the digest files are readable, but the log files are not. What is the MOST likely cause?

A.

The log flies fail integrity validation and automatically are marked as unavailable.

B.

The KMS key policy does not grant the security engineer's 1AM user or rote permissions to decrypt with it.

C.

The bucket is set up to use server-side encryption with Amazon S3-managed keys (SSE-S3) as the default and does not allow SSE-KMS-encrypted files.

D.

An 1AM policy applicable to the security engineer's 1AM user or role denies access to the "CloudTraiir prefix in the Amazon S3 bucket.

Amazon Web Services SCS-C02 View All Questions

Amazon Web Services SCS-C02 Summary

  • Vendor: Amazon Web Services
  • Product: SCS-C02
  • Update on: Aug 2, 2025
  • Questions: 417
Price: $52.5  $149.99
Buy Now SCS-C02 PDF + Testing Engine Pack
Next
A company hosts an end user application on AWS Currently the company deploys the application...
A company has multiple accounts in the AWS Cloud.
Previous

Payments We Accept

Your purchase with ExamsVCE is safe and fast. Your products will be available for immediate download after your payment has been received.
The ExamsVCE website is protected by 256-bit SSL from McAfee, the leader in online security.

examsvce payment method

Contact Us

Copyright © 2013-2025 examsvce.com. All Rights Reserved
mcafee secure

TESTED 02 Aug 2025