Q374.A company is planning to host a three -tier application in the AWS Cloud. The application layer will use Amazon EC2 in an Auto Scaling group. A custom EC2 role named AppServer will be created and associated with the application instances. The entire application stack will be deployed using AWS
CloudFormation. The company's security team requires encryption of all AMI snapshots and Amazon Elastic Block Store (Amazon EBS) volumes with an AWS Key Management Service (AWS KMS) CMK.Which action will deploy the stack correctly after the AMI snapshot is encrypted with the KMS key?
A.Update the KMS key policy to provide the required permissions to the AppServer role. B.Update the KMS key policy to provide the required permissions to the AWSServiceRoleForAutoScaling service-linked role. C.Update the AppServer role to have the required permissions to access the KMS key. D.Update the CloudFormation stack role to have the required permissions to access the KMS key.正确答案B