AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A financial institution requires encrypted storage of customer records with stringent control over encryption keys, including the need for automated rotation and the ability to invalidate obsolete keys. Which cloud service feature should be implemented to fulfill these requirements?
Cloud-based managed service for storage encryption using default managed keys without automated rotation settings.
Cloud-managed service for storage encryption providing default encryption keys, requiring periodic manual regeneration of keys by replicating the encrypted objects.
On-premises management of encryption keys and manual encryption processes prior to transmission to the cloud, with administrative key rotation protocols.
A cloud-based key management service with customer managed keys and configuration options for automatic rotation and manual key invalidation.