
Answer-first summary for fast verification
Answer: Use a customer-managed KMS key with automatic rotation and set it as the S3 bucket's default encryption.
The correct answer is B. Using a customer-managed KMS key with automatic rotation and setting it as the default encryption for the S3 bucket meets the requirements with the least operational overhead. The encryption keys are rotated automatically every year without manual intervention, which supports compliance and security. Options A and C do not meet the key rotation requirement effectively, and option D is overly complex compared to option B.
Author: LeetQuiz Editorial Team
A company needs to encrypt data stored in an Amazon S3 bucket with automatic annual key rotation. What is the solution with minimal operational overhead?
A. Implement server-side encryption with Amazon S3-managed keys and leverage their inherent key rotation.
B. Use a customer-managed KMS key with automatic rotation and set it as the S3 bucket's default encryption.
C. Employ a customer-managed KMS key for bucket encryption, then manually rotate the key annually.
D. Pre-encrypt data with a customer-supplied key, use a KMS key without material, import the key material, and enable automatic rotation.