Question 1

A company requires that all data stored in Amazon EBS volumes be encrypted at rest. The company also requires the ability to automatically rotate the encryption keys every year. Which AWS KMS key type should be used?

Accepted Answer

If a requirement mentions 'ability to control/configure rotation' or 'manage policies', it requires a Customer Managed Key.

Question 2

What mistakes do candidates make on this AWS SAA-C03 question?

Accepted Answer

Choosing AWS managed key. While AWS managed keys do rotate automatically, the customer does not have the 'ability' to manage this rotation (it's forced).

A company requires that all data stored in Amazon EBS volumes be encrypted at rest. The company also requires the ability to automatically rotate the encryption keys every year. Which AWS KMS key type should be used?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 1

More questions from this exam