AWS Certified Security – Specialty — Question 43
The Development team receives an error message each time the team members attempt to encrypt or decrypt a Secure String parameter from the SSM Parameter Store by using an AWS KMS customer managed key (CMK).
Which CMK-related issues could be responsible? (Choose two.)
Answer options
- A. The CMK specified in the application does not exist.
- B. The CMK specified in the application is currently in use.
- C. The CMK specified in the application is using the CMK KeyID instead of CMK Amazon Resource Name.
- D. The CMK specified in the application is not enabled.
- E. The CMK specified in the application is using an alias.
Correct answer: A, D
Explanation
Option A is correct because if the specified CMK does not exist, it cannot be used for encryption or decryption. Option D is also correct since a disabled CMK cannot perform any cryptographic operations. The other options do not necessarily prevent the CMK from functioning correctly.