SCS-C02 · Question #277
SCS-C02 Question #277: Real Exam Question with Answer & Explanation
The correct answer is A: A customer managed CMK that uses customer provided key material. Go to AWS KMS console and try to configure AWS CMK with external key. The option to set expiration date is available at the end of last step where the key is uploaded to CMK.
Question
A security engineer must use AWS Key Management Service (AWS KMS) to design a key management solution for a set of Amazon Elastic Block Store (Amazon EBS) volumes that contain sensitive data. The solution needs to ensure that the key material automatically expires in 90 days. Which solution meets these criteria?
Options
- AA customer managed CMK that uses customer provided key material
- BA customer managed CMK that uses AWS provided key material
- CAn AWS managed CMK
- DOperating system-native encryption that uses GnuPG
Explanation
Go to AWS KMS console and try to configure AWS CMK with external key. The option to set expiration date is available at the end of last step where the key is uploaded to CMK.
Community Discussion
No community discussion yet for this question.