SAA-C03 · Question #651
SAA-C03 Question #651: Real Exam Question with Answer & Explanation
The correct answer is C: Create a symmetric customer managed KMS key. Enable automatic key rotation.. Only symmetric customer managed KMS keys support automatic key rotation, deactivation, and scheduled deletion. Asymmetric keys do not support automatic rotation. Therefore, creating a symmetric customer managed KMS key and enabling automatic key rotation meets all the requirement
Question
A company decides to use AWS Key Management Service (AWS KMS) for data encryption operations. The company must create a KMS key and automate the rotation of the key. The company also needs the ability to deactivate the key and schedule the key for deletion. Which solution will meet these requirements?
Options
- ACreate an asymmetric customer managed KMS key. Enable automatic key rotation.
- BCreate a symmetric customer managed KMS key. Disable the envelope encryption option.
- CCreate a symmetric customer managed KMS key. Enable automatic key rotation.
- DCreate an asymmetric customer managed KMS key. Disable the envelope encryption option.
Explanation
Only symmetric customer managed KMS keys support automatic key rotation, deactivation, and scheduled deletion. Asymmetric keys do not support automatic rotation. Therefore, creating a symmetric customer managed KMS key and enabling automatic key rotation meets all the requirements for secure, manageable encryption key lifecycle operations.
Community Discussion
No community discussion yet for this question.