AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company utilizes Amazon S3 to store sensitive customer data. They are required by compliance regulations to encrypt their data at rest. Which of the following options adheres to security best practices for managing encryption keys for this scenario?
Store the encryption keys in the same Amazon S3 bucket as the data, using a dedicated directory for keys.
Implement AWS Certificate Manager (ACM) to create and manage encryption keys used for Amazon S3 server-side encryption.
Use AWS Secrets Manager to create and manage encryption keys for Amazon S3 data encryption.
Use AWS Key Management Service (KMS) with customer-managed keys (CMKs) and enable automatic key rotation.