SCS-C02 · Question #385
SCS-C02 Question #385: Real Exam Question with Answer & Explanation
The correct answer is B: Disable the keys. Option A is invalid because once you schedule the deletion and waiting period ends, you cannot come back from the deletion process. Option C and D are invalid because these will not check to see if the keys are being used or not The AWS Documentation mentions the following Deleti
Question
You have a set of Keys defined using the AWS KMS service. You want to stop using a couple of keys , but are not sure of which services are currently using the keys. Which of the following would be a safe option to stop using the keys from further usage.
Options
- ADelete the keys since anyway there is a 7 day waiting period before deletion
- BDisable the keys
- CSet an alias for the key
- DChange the key material for the key
Explanation
Option A is invalid because once you schedule the deletion and waiting period ends, you cannot come back from the deletion process. Option C and D are invalid because these will not check to see if the keys are being used or not The AWS Documentation mentions the following Deleting a customer master key (CMK) in AWS Key Management Service (AWS KMS) is destructive and potentially dangerous. It deletes the key material and all metadata associated with the CMK, and is irreversible. After a CMK is deleted you can no longer decrypt the data that was encrypted under that CMK, which means that data becomes unrecoverable. You should delete a CMK only when you are sure that you don't need to use it anymore. If you are not sure, consider disabling the CMK instead of deleting it. You can re-enable a disabled CMK if you need to use it again later, but you cannot recover a https://docs.aws.amazon.com/kms/latest/developereuide/deleting-keys.html
Community Discussion
No community discussion yet for this question.