ExpertEasy1 markMultiple Choice
AWS SAA-C03 · Question 16 · Domain 1.3: Data Security
A company requires that all data stored in Amazon EBS volumes be encrypted at rest. The company also requires the ability to automatically rotate the encryption keys every year. Which AWS KMS key type should be used?
A company requires that all data stored in Amazon EBS volumes be encrypted at rest. The company also requires the ability to automatically rotate the encryption keys every year. Which AWS KMS key type should be used?
Answer options:
A.
AWS owned key
B.
AWS managed key
C.
Customer managed key
D.
CloudHSM key
How to approach this question
If a requirement mentions 'ability to control/configure rotation' or 'manage policies', it requires a Customer Managed Key.
Full Answer
C.Customer managed key✓ Correct
Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You can enable automatic key rotation for customer managed keys, which rotates the key material every year.
Common mistakes
Choosing AWS managed key. While AWS managed keys do rotate automatically, the customer does not have the 'ability' to manage this rotation (it's forced).
Practice the full AWS SAA-C03 Practice Exam 1
65 questions · hints · full answers · grading
More questions from this exam
Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...MediumQ02A solutions architect is designing an application that will run on Amazon EC2 instances. The appl...EasyQ03A company wants to implement a federated identity solution for its employees to access the AWS Ma...MediumQ04A mobile application needs to access Amazon DynamoDB directly to read user-specific data. The app...HardQ05A company is hosting a web application on Amazon EC2 instances. The application connects to an Am...Medium