AWS Certified Developer Associate DVA-C02 Practice Question
A financial services company is looking to implement a strategy for secure management of their encryption keys. They wish for the keys to be automatically renewed at regular intervals to maintain a robust security posture. Which action should be taken to meet this requirement using AWS services?
Rotate the service-managed master keys manually on a regular schedule
Modify the policy of the master key to specify automatic rotation frequency
Enable automatic rotation for a customer-created master key in the encryption service
Implement a custom scripted solution to rotate master keys every quarter
Enabling automatic rotation for a customer master key (CMK) is the best practice advised by cloud security professionals, which AWS supports. Upon enabling, the service will automatically perform the rotation of the key on an annual basis. This process involves generating new cryptographic material without the need to update or modify the dependent applications. AWS managed keys, by default, rotate every three years, and the rotation schedule is not user-configurable. Specifying custom rotation intervals or manually rotating AWS managed keys is not a supported feature within the service.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Customer Master Key (CMK) in AWS?
Open an interactive chat with Bash
What does it mean to enable automatic rotation for a CMK?
Open an interactive chat with Bash
Why is automatic key rotation considered a best practice?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access