Which option for the use of the AWS Key Management Service (KMS) supports key management best practices that focus on minimizing the potential scope of data exposed by a possible future key compromise?
A) Use KMS automatic key rotation to replace the master key, and use this new master key for future encryption operations without re-encrypting previously encrypted data.
B) Generate a new Customer Master Key (CMK) , re-encrypt all existing data with the new CMK, and use it for all future encryption operations.
C) Change the CMK alias every 90 days, and update key-calling applications with the new key alias.
D) Change the CMK permissions to ensure that individuals who can provision keys are not the same individuals who can use the keys.
Correct Answer:
Verified
Q100: A company requires that SSH commands used
Q101: A Systems Engineer is troubleshooting the connectivity
Q102: An application has been built with Amazon
Q103: An employee accidentally exposed an AWS access
Q104: Example.com hosts its internal document repository on
Q106: A Security Engineer is trying to determine
Q107: An AWS account includes two S3 buckets:
Q108: A company's database developer has just migrated
Q109: A security alert has been raised for
Q110: What is the function of the following
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents