Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

A financial services company is leveraging cloud storage services to retain transaction records. These records contain privileged client information that needs to be encrypted when not in use. The company's security team must have the capability to manage encryption keys centrally, including the facilitation of periodic, automated key changes. Which configuration should be implemented to meet these encryption management requirements?

  • Implement managed service keys with a policy for key rotation every three years.

  • Create customer controlled keys with enabled automated rotation on an annual schedule.

  • Create customer controlled keys and use a scheduled script to change the key material manually.

  • Rely on developers to generate and replace keys on a regular basis through a manual update process.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:

Check or uncheck an objective to set which questions you will receive.