ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 291 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 291
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A security engineer must use AWS Key Management Service (AWS KMS) to design a key management solution for a set of Amazon Elastic Block Store (Amazon
EBS) volumes that contain sensitive data. The solution needs to ensure that the key material automatically expires in 90 days.
Which solution meets these criteria?

  • A. A customer managed CMK that uses customer provided key material
  • B. A customer managed CMK that uses AWS provided key material
  • C. An AWS managed CMK
  • D. Operation system-native encryption that uses GnuPG
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by roger8978 at Dec. 31, 2021, 6:45 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TigerInTheCloud
Highly Voted 3 years, 1 month ago
Selected Answer: A
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/kms/import-key-material.html aws kms import-key-material \ --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \ --encrypted-key-material fileb://EncryptedKeyMaterial.bin \ --import-token fileb://ImportToken.bin \ --expiration-model KEY_MATERIAL_EXPIRES \ --valid-to 2021-09-21T19:00:00Z
upvoted 5 times
...
Raphaello
Most Recent 1 year, 3 months ago
Selected Answer: A
Correct answer is A. You can select your KMS key with imported key material expiration date. https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-managing.html
upvoted 1 times
...
jishrajesh
2 years, 5 months ago
Selected A
upvoted 4 times
...
[Removed]
2 years, 5 months ago
B, A requires manual rotation
upvoted 1 times
...
vikaswalajay
2 years, 8 months ago
Not A Manual rotation is a good choice when you want to control the key rotation schedule. It also provides a way to rotate KMS keys that are not eligible for automatic key rotation, including asymmetric KMS keys, HMAC KMS keys, KMS keys in custom key stores, and KMS keys with imported key material.
upvoted 1 times
...
dcasabona
2 years, 10 months ago
Selected Answer: A
I agree on option A - KMS CMK
upvoted 1 times
...
sapien45
2 years, 10 months ago
Selected Answer: A
Just did it with external key material. Expiration option available on the last screen
upvoted 3 times
...
Radhaghosh
3 years, 4 months ago
Key Rotation 90 days --> It has to be Customer Managed Key with Imported Key Material. Option A
upvoted 1 times
...
sam_live
3 years, 4 months ago
answer A. go to AWS KMS console and try to configure AWS CMK with external key. The option to set expiration date is available at the end of last step where the key is uploaded to CMK.
upvoted 4 times
...
LearnMeSomeAWS
3 years, 4 months ago
"A"- adjusting expire dates can only be oone with imported key material, not AWS provided. From the link below "When you import key material, you can optionally specify a time at which the key material expires. When the key material expires, AWS KMS deletes the key material and the KMS key becomes unusable. To use the KMS key again, you must reimport key material."
upvoted 2 times
...
babaseun
3 years, 5 months ago
A......... https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html
upvoted 2 times
...
roger8978
3 years, 5 months ago
A..........
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel