AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A financial institution utilizes a key management service to enhance the security of its data-at-rest within cloud storage services. They aim to adhere to a stringent security protocol that requires the automatic renewal of encryption materials. Which approach can the institution implement to fulfill this requirement without altering the existing key identifiers or metadata?
Delegating the renewal process until the key reaches its designated expiration period.
Enabling automatic renewal for the encryption keys through the service's management console or API.
Creating a new key manually every five years while disabling the old one.
Establishing a manual process where the keys are only updated in response to a security incident.