Answer: Create a customer managed CMK in the logging account Update the CMK key policy to provide access to the logging account and business unit accounts Enable automatic rotation of the CMK

The most operationally efficient strategy for the company to meet its requirements is option B. This strategy involves creating a customer-managed AWS Key Management Service (KMS) Customer Master Key (CMK) in the logging account and updating the CMK key policy to provide access to both the logging account and the business unit accounts. Additionally, enabling automatic rotation of the CMK ensures that it is rotated once every 365 days without manual intervention, which reduces the operational overhead and potential for human error. By creating a customer-managed CMK, the company has more control over the key management process, including the ability to define key policies, enable key rotation, and manage permissions. Updating the key policy to provide access to both the logging account and the business unit accounts ensures that all necessary entities can use the CMK to encrypt and decrypt data, facilitating seamless data aggregation and access. Enabling automatic rotation of the CMK simplifies the process of meeting the requirement to rotate the key every 365 days. AWS KMS automatically handles the rotation process, ensuring that the key remains secure and up-to-date without the need for manual intervention. This approach reduces the risk of missing the rotation deadline and minimizes the administrative burden on the company's IT team. In summary, option B offers a balance of control, flexibility, and operational efficiency, making it the most suitable strategy for the company's needs.

Author: LeetQuiz Editorial Team