Answer-first summary for fast verification
Answer: Symmetric keys managed by customers, with AWS-generated key material, featuring automatic annual rotation.
The correct answer is B. Symmetric customer managed keys with key material that is generated by AWS meet the requirement for automatic annual rotation. These keys allow the developer to create and manage their own encryption keys in AWS KMS, and AWS KMS supports automatic rotation of these customer managed keys. This ensures that the data remains encrypted with a key that is periodically rotated, enhancing the security posture of the data stored in Amazon S3. Asymmetric keys are typically used for different purposes and do not fit well with the requirement of automatic rotation. Amazon S3 managed keys do not support automatic rotation. Imported key material also does not support automatic rotation in AWS KMS.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Which key type should a developer use for encrypting data in Amazon S3, ensuring it supports automatic annual rotation and is managed by AWS Key Management Service (AWS KMS)?
A
Amazon S3's own managed keys, which do not support automatic key rotation.
B
Symmetric keys managed by customers, with AWS-generated key material, featuring automatic annual rotation.
C
Asymmetric keys, generally used for purposes like digital signatures, not ideal for the required automatic rotation.
D
Symmetric keys with customer-supplied key material, which AWS KMS does not automatically rotate.