Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
Your company uses KMS to fully manage the master keys and performing encryption and decryption operations on your data and in your applications. As an additional level of security, you now recommend AWS rotate your keys. What happens after enabling this additional feature?
A. Enable AWS KMS to rotate keys and KMS will manage all encrypt/decrypt actions using the appropriate keys
B. Your company must instruct KMS to re-encrypt all data in all services each time a new key is created
C. You have 30 days to delete old keys after a new one is rotated in
D. Your company must create its own keys and import to them to KMS to enable key rotation
Explanation:
Answer: A
- A. KMS will rotate keys annually and use the appropriate keys to perform cryptographic operations
Incorrect:
- B. This is not necessary. KMS, as a managed service, will keep old keys and perform operations based on the appropriate key
- C. This is not a requirement of KMS
- D. This is not a requirement of KMS
Reference:
Comments are closed, but trackbacks and pingbacks are open.