An enterprise has a central logging account where all AWS CloudTrail logs from 100 member accounts are stored in a single S3 bucket. The security team needs to query these logs using Amazon Athena. However, they are encountering KMS decryption errors when Athena tries to read the logs. The S3 bucket is encrypted with an AWS KMS Customer Managed Key (CMK). What is the MOST likely cause of the error?

Identify the specific permission required to read KMS-encrypted data.

What mistakes do candidates make on this AWS SAP-C02 question?

Assuming S3 permissions are sufficient to read encrypted data.

Q01A global enterprise is redesigning its network architecture across 50 AWS accounts. They require ...Hard

Q02A financial services company uses AWS Organizations to manage 100+ accounts. The security team ma...Medium

Q03An e-commerce company requires a multi-region active-active architecture for its critical order p...Medium

Q04A company is setting up a new AWS environment using AWS Control Tower. They need to ensure that a...Hard

Q05An enterprise has 50 AWS accounts under AWS Organizations. They want to implement a chargeback mo...Medium