AWS Certified Security - Specialty (#107)

A Security Engineer who was reviewing AWS Key Management Service (AWS KMS) key policies found this statement in each key policy in the company AWS account.

What does the statement allow?

All principals from all AWS accounts to use the key.
Only the root user from account 111122223333 to use the key.
All principals from account 111122223333 to use the key but only on Amazon S3.
Only principals from account 111122223333 that have an IAM policy applied that grants access to this key to use the key.