A company maintains sensitive data in an Amazon S3 bucket that must be protected using an AWS KMS CMK. The company requires that keys be rotated automatically every year. How should the bucket be configured?
A) Select server-side encryption with Amazon S3-managed keys (SSE-S3) and select an AWS-managed CMK.
B) Select Amazon S3-AWS KMS managed encryption keys (S3-KMS) and select a customer-managed CMK with key rotation enabled.
C) Select server-side encryption with Amazon S3-managed keys (SSE-S3) and select a customer-managed CMK that has imported key material.
D) Select server-side encryption with AWS KMS-managed keys (SSE-KMS) and select an alias to an AWS-managed CMK.
Correct Answer:
Verified
Q135: A Security Engineer is looking for a
Q136: The Security Engineer is managing a web
Q137: A company has multiple production AWS accounts.
Q138: Compliance requirements state that all communications between
Q139: The Security Engineer is given the following
Q141: A company manages three separate AWS accounts
Q142: A company has several production AWS accounts
Q143: An organization has three applications running on
Q144: While analyzing a company's security solution, a
Q145: A company has two AWS accounts, each
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents