[Solved] A team configures an S3 bucket with default encryption set to SSE-KMS using a customer-managed key.... What is the most probable cause? | AWS

AWS - S3 Fundamentals

A team configures an S3 bucket with default encryption set to SSE-KMS using a customer-managed key. However, when users try to upload objects, they receive AccessDenied errors. What is the most probable cause?

AThe S3 bucket policy denies all uploads

BThe users lack permissions to use the specified KMS key for encryption

CThe bucket default encryption is set to SSE-S3, not SSE-KMS

DThe objects are too large for SSE-KMS encryption

Step-by-Step Solution

Solution:

Step 1: Understand default encryption with SSE-KMS
When default encryption is set to SSE-KMS with a customer-managed key, users must have permission to use that KMS key.
Step 2: Analyze the error
AccessDenied errors during upload typically indicate missing KMS key permissions for the user or role.
Final Answer:
The users lack permissions to use the specified KMS key for encryption -> Option B
Quick Check:
Missing KMS key permissions cause AccessDenied on SSE-KMS uploads [OK]

Quick Trick: KMS key permissions required for SSE-KMS uploads [OK]

Common Mistakes:

Assuming bucket policy is the cause without checking KMS permissions
Confusing SSE-S3 with SSE-KMS settings
Believing object size affects SSE-KMS encryption capability

Master "S3 Fundamentals" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

What is the most probable cause?

Step 1: Understand default encryption with SSE-KMS

Step 2: Analyze the error

Final Answer:

Quick Check:

Want More Practice?