AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A financial institution requires encrypted storage of customer records with stringent control over encryption keys, including the need for automated rotation and the ability to invalidate obsolete keys. Which cloud service feature should be implemented to fulfill these requirements?
Cloud-based managed service for storage encryption using default managed keys without automated rotation settings.
A cloud-based key management service with customer managed keys and configuration options for automatic rotation and manual key invalidation.
On-premises management of encryption keys and manual encryption processes prior to transmission to the cloud, with administrative key rotation protocols.
Cloud-managed service for storage encryption providing default encryption keys, requiring periodic manual regeneration of keys by replicating the encrypted objects.
AWS Key Management Service (KMS) with customer managed keys is the correct solution because it allows users to fully manage their encryption keys, including enabling automatic key rotation and manual key deactivation. AWS KMS is designed to allow customers to easily create and manage encryption keys and define the policies that control their use across numerous services and applications. Automated rotation simplifies the key lifecycle management process, which is a crucial aspect of maintaining a secure encryption strategy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.