A company needs to encrypt data stored in an Amazon S3 bucket with automatic annual key rotation. What is the solution with minimal operational overhead?

Exam-Like

Implement server-side encryption with Amazon S3-managed keys and leverage their inherent key rotation.

11.1%

Use a customer-managed KMS key with automatic rotation and set it as the S3 bucket's default encryption.

88.9%

Employ a customer-managed KMS key for bucket encryption, then manually rotate the key annually.

0.0%

Pre-encrypt data with a customer-supplied key, use a KMS key without material, import the key material, and enable automatic rotation.

0.0%

AWS Certified Solutions Architect - Associate