AWS Certified Developer Associate DVA-C02 Practice Question
You have been tasked with ensuring that the encryption keys for critical data storage services are automatically renewed periodically in compliance with company policy, which requires key regeneration every 12 months. What is the BEST method to accomplish this for data stored using an Amazon service that allows object storage?
Schedule a CloudWatch Events rule to invoke a function to re-encrypt data in the object storage service using a new encryption key annually
Set the automatic rotation feature for the customer-managed key in the encryption key management service
Opt for the default encryption feature of the object storage service to manage key rotation automatically
Develop a routine operation process to generate a new encryption key and manually apply it to the object storage service annually
The service in question for object storage on Amazon is S3, and the proper way to achieve automatic key rotation is to enable it for the customer-managed key used for encrypting data at rest. By doing so, the key will be automatically rotated on the specified schedule, satisfying the company's internal security policies. The other options provided do not meet the requirement for automatic rotation or apply to different types of key management that do not provide automatic rotation functionality.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are customer-managed keys in AWS?
Open an interactive chat with Bash
How does automatic key rotation work in AWS KMS?
Open an interactive chat with Bash
What is the significance of data encryption in Amazon S3?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access