Which solution will meet these requirements?

By:
On:
In: SCS-C01
Tagged:
With: 0 Comments
A company decides to use AWS Key Management Service (AWS KMS) for data encryption operations.The company must create a KMS key and automate the rotation of the key.The company also needs the ability to deactivate the key and schedule the key for deletion.

Which solution will meet these requirements?

Create an asymmetric customer managed KMS key. Enable automatic key rotation.

Create a symmetric customer managed KMS key. Disable the envelope encryption option.

Create a symmetric customer managed KMS key. Enable automatic key rotation.

Create an asymmetric customer managed KMS key. Disable the envelope encryption option.

Explanations:

Asymmetric keys in AWS KMS cannot have automatic key rotation. Rotation is only supported for symmetric keys.

Disabling envelope encryption is unrelated to key rotation or deletion. Envelope encryption is a concept used for data encryption, not key lifecycle management.

Symmetric customer-managed KMS keys support automatic key rotation, deactivation, and scheduling for deletion. This option meets all the specified requirements.

Asymmetric keys cannot support automatic key rotation, which is required for this solution. Additionally, disabling envelope encryption is irrelevant to the problem’s requirements.

Leave a Reply

Your email address will not be published. Required fields are marked *

6 − 4 =