Crucial Exams

AWS Certified Solutions Architect Associate SAA-C03 Practice Question

An enterprise needs to ensure the encryption of sensitive data stored in their Amazon S3 buckets. The company has mandated that its own encryption keys must be used, and those keys must be capable of being rotated on a company-defined schedule and disabled immediately in the event of a security breach. Which of the following configurations should be implemented to meet these specific requirements?

  • Use an AWS-managed CMK in AWS KMS without enabling key rotation.

  • Use an AWS-managed KMS key and rely on its automatic annual rotation.

  • Use Amazon S3-managed keys (SSE-S3) for encryption and handle rotation outside of AWS.

  • Create a customer-managed CMK in AWS KMS, use it to encrypt the S3 buckets (SSE-KMS), and manage rotation/disablement according to the company policy.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot