Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A financial institution utilizes a key management service to enhance the security of its data-at-rest within cloud storage services. They aim to adhere to a stringent security protocol that requires the automatic renewal of encryption materials. Which approach can the institution implement to fulfill this requirement without altering the existing key identifiers or metadata?

  • Delegating the renewal process until the key reaches its designated expiration period.

  • Enabling automatic renewal for the encryption keys through the service's management console or API.

  • Creating a new key manually every five years while disabling the old one.

  • Establishing a manual process where the keys are only updated in response to a security incident.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:

Check or uncheck an objective to set which questions you will receive.