A company has an AWS Key Management Service (AWS KMS) customer managed key with imported key material. Company policy requires all encryption keys to be rotated every year.
What should a security engineer do to meet this requirement for this customer managed key?

A. Enable automatic key rotation annually for the existing customer managed key.

B. Use the AWS CLI to create an AWS Lambda function to rotate the existing customer managed key annually.

C. Import new key material to the existing customer managed key. Manually rotate the key.

D. Create a new customer managed key. Import new key material to the new key. Point the key alias to the new key.








 

Suggested Answer: D

Community Answer: D




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.