A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet Information Security guidelines. Which option would meet the requirement?
A.
Create a new CMK every 7 days to manually rotate the encryption keys.
B.
Enable key rotation on the CMKs and set the rotation period to 7 days.
C.
Switch to using AWS CloudHSM as AWS KMS does not support key rotation.
D.
Use data keys for each encryption task to avoid the need to rotate keys.
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-aws-managed-keys
Customer managed keys
Automatic key rotation is disabled by default on customer managed keys but authorized users can enable and disable it. When you enable (or re-enable) automatic key rotation, AWS KMS automatically rotates the KMS key one year (approximately 365 days) after the enable date and every year thereafter.
AWS managed keys
AWS KMS automatically rotates AWS managed keys every year (approximately 365 days). You cannot enable or disable key rotation for AWS managed keys.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Newguru2020
Highly Voted 1 year, 7 months agor_man
1 year, 7 months agoFinger41
Most Recent 10 months, 1 week agoabhishek_m_86
1 year, 6 months agojackdryan
1 year, 6 months agoMFDOOM
1 year, 6 months agoImranR
1 year, 6 months ago