Crucial Exams

AWS Certified Solutions Architect Associate SAA-C03 Practice Question

An enterprise needs to ensure the encryption of sensitive data stored in their Amazon S3 buckets. The company has mandated that its own encryption keys must be used, which requires them to be periodically rotated and immediately disabled in the event of a security breach. Which of the following configurations should be implemented to meet these specific requirements?

  • Create a customer-managed CMK in AWS KMS, enable manual rotation, and use this key to encrypt the S3 buckets.

  • Use Amazon S3-Managed Keys (SSE-S3) for encryption and handle rotation outside of AWS.

  • Use AWS KMS managed keys and enable the automatic rotation feature, which occurs annually.

  • Use an AWS Managed CMK in AWS KMS without enabling key rotation.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot