PrepAway - Latest Free Exam Questions & Answers

What can be done to implement the above policy?

A company has a customer master key (CMK) with imported key materials. Company policy requires that all encryption keys must be rotated every year.

What can be done to implement the above policy?

A. Enable automatic key rotation annually for the CMK.

B. Use AWS Command Line interface to create an AWS Lambda function to rotate the existing CMK annually.

C. Import new key material to the existing CMK and manually rotate the CMK.

D. Create a new CMK, import new key material to it, and point the key alias to the new CMK.

Reference https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html


Leave a Reply

Your email address will not be published. Required fields are marked *