ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 129 - SCS-C02 discussion

Report
Export

A company has an AWS Key Management Service (AWS KMS) customer managed key with imported key material Company policy requires all encryption keys to be rotated every year

What should a security engineer do to meet this requirement for this customer managed key?

A.
Enable automatic key rotation annually for the existing customer managed key
Answers
A.
Enable automatic key rotation annually for the existing customer managed key
B.
Use the AWS CLI to create an AWS Lambda function to rotate the existing customer managed key annually
Answers
B.
Use the AWS CLI to create an AWS Lambda function to rotate the existing customer managed key annually
C.
Import new key material to the existing customer managed key Manually rotate the key
Answers
C.
Import new key material to the existing customer managed key Manually rotate the key
D.
Create a new customer managed key Import new key material to the new key Point the key alias to the new key
Answers
D.
Create a new customer managed key Import new key material to the new key Point the key alias to the new key
Suggested answer: A

Explanation:

To meet the requirement of rotating the AWS KMS customer managed key every year, the most appropriate solution would be to enable automatic key rotation annually for the existing customer managed key. This will ensure that AWS KMS generates new cryptographic material for the CMK every year. AWS KMS also saves the CMK's older cryptographic material in perpetuity so it can be used to decrypt data that it encrypted. AWS KMS does not delete any rotated key material until you delete the CMK.

asked 16/09/2024
Achref hellal
33 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first