Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An organization utilizes AWS to encrypt its sensitive data. The security policies state that the encryption keys must be rotated on a regular basis to mitigate the risk of key compromise. Which approach should be implemented to fulfill this requirement while ensuring seamless decryption of both new and existing datasets?
Remove existing keys at each cycle and establish fresh keys for new encryption operations.
Enable automatic key rotation for the encryption service.
Generate and import key material from an external source into the existing key setup on a set schedule.
Manually create a new key and re-encrypt all data periodically.
This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 /
Design Secure Architectures
