A company needs to encrypt all of its data stored in Amazon S3. The company wants to use AWS Key Management Service (AWS KMS) to create and manage its encryption keys. The company's security policies require the ability to import the company's own key material for the keys, set an expiration date on the keys, and delete keys immediately, if needed. How should a security engineer set up AWS KMS to meet these requirements?
A) Configure AWS KMS and use a custom key store. Create a customer managed CMK with no key material. Import the company's keys and key material into the CMK.
B) Configure AWS KMS and use the default key store. Create an AWS managed CMK with no key material. Import the company's keys and key material into the CMK.
C) Configure AWS KMS and use the default key store. Create a customer managed CMK with no key material. Import the company's keys and key material into the CMK.
D) Configure AWS KMS and use a custom key store. Create an AWS managed CMK with no key material. Import the company's keys and key material into the CMK.
Correct Answer:
Verified
Q242: A company is hosting multiple applications within
Q243: Users report intermittent availability of a web
Q244: A company is using AWS Organizations to
Q245: A company's architecture requires that its three
Q246: A company's AWS CloudTrail logs are all
Q248: A company is building an application on
Q249: A company uses an external identity provider
Q250: A company wants to deploy a distributed
Q251: A city is implementing an election results
Q252: A user is implementing a third-party web
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents