AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A financial services company is leveraging cloud storage services to retain transaction records. These records contain privileged client information that needs to be encrypted when not in use. The company's security team must have the capability to manage encryption keys centrally, including the facilitation of periodic, automated key changes. Which configuration should be implemented to meet these encryption management requirements?
Rely on developers to generate and replace keys on a regular basis through a manual update process.
Create customer-controlled keys and use a scheduled script to change the key material manually.
Implement managed service keys with a policy for key rotation every three years.
Create customer-controlled keys with automated rotation enabled on an annual schedule.