⚡Flash Sale: 33% off Annual Membership, limited time only!⚡

CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

An enterprise needs to ensure the encryption of sensitive data stored in their Amazon S3 buckets. The company has mandated that its own encryption keys must be used, which requires them to be periodically rotated and immediately disabled in the event of a security breach. Which of the following configurations should be implemented to meet these specific requirements?

  • Create a customer-managed CMK in AWS KMS, enable manual rotation, and use this key to encrypt the S3 buckets.

  • Use an AWS Managed CMK in AWS KMS without enabling key rotation.

  • Use AWS KMS managed keys and enable the automatic rotation feature, which occurs annually.

  • Use Amazon S3-Managed Keys (SSE-S3) for encryption and handle rotation outside of AWS.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures