You’re the lead developer for a company that uses AWS KMS to decrypt passwords from an AWS RDS MySQL database using an asymmetric CMK. While decrypting the data, you receive an InvalidCiphertextException error which causes the application to fail. You have made sure that the CMK ID used is accurate. What could have caused this error?

Answer options:

A.EncryptionAlgorithm set to default value.
B.EncryptionContext is empty.
C.GrantTokens is an empty array.
D.KeyId is empty.

Answer: A
Option A is CORRECT as asymmetric CMKs cannot use the default algorithm as the default one is used for symmetric only. It is required to record the algorithm during encryption and provide the exact one during decryption. On the contrary, for symmetric CMKs, the default value would work.
Option B is incorrect. This is not a required parameter and so leaving it empty will not cause this error.
Option C is incorrect as GrantTokens is not a required parameter but takes values in an array, and so it will not cause the error.
Option D is incorrect as it is mentioned that the CMK ID is verified and accurate.
Reference:
https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html