AWS Certified Developer Associate DVA-C02 Practice Question
A developer is storing sensitive data in an Amazon S3 bucket encrypted with a customer-managed AWS KMS key. A new security policy requires that the underlying cryptographic key be changed annually to limit the amount of data protected by a single key. How can the developer meet this requirement with the LEAST amount of operational overhead?
Create a new alias for the KMS key each year and point it to the original key.
Create a new KMS key each year and update the application to use the new key ID.
Enable automatic key rotation for the KMS key.
Update the KMS key policy to specify a rotation schedule.
The most efficient way to meet the requirement for annually changing the underlying key is to enable automatic key rotation on the customer-managed KMS key. AWS KMS will then automatically generate a new backing key each year. The key ID of the customer-managed key remains the same, ensuring no application changes are needed to use the new backing key. Manually creating a new key each year and updating the application's configuration is a valid approach but incurs significant operational overhead. Key policies are used to define permissions for the key, not to configure a rotation schedule. Creating a new alias is for providing a friendly name to a key and does not rotate the underlying cryptographic material.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is key rotation considered a security best practice?
Open an interactive chat with Bash
How is key rotation implemented in AWS Key Management Service (KMS)?
Open an interactive chat with Bash
What is the difference between key rotation and key revocation?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .