Answer-first summary for fast verification
Answer: Create a custom AWS Config rule that monitors KMS key rotation and sends notifications to an Amazon SNS topic if a key is found to be unrotated for 90 days.
The correct answer is C. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. By creating a custom AWS Config rule, you can monitor the rotation status of KMS keys and ensure compliance with regulatory requirements. This solution allows you to send notifications to an Amazon SNS topic when a key has not been rotated within the specified time frame of 90 days. Other options either do not directly monitor KMS key rotation (Option A) or are not designed specifically for this purpose (Options B and D).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company is utilizing AWS Key Management Service (KMS) keys with manual rotation to comply with regulatory standards. The security team requires a notification system to alert them when any KMS key has not been rotated within the last 90 days. Which AWS service configuration or setup would effectively fulfill this requirement?
A
Configure AWS KMS to automatically publish notifications to an Amazon Simple Notification Service (SNS) topic when a key is older than 90 days.
B
Set up an Amazon EventBridge rule to trigger an AWS Lambda function that checks the AWS Trusted Advisor API for key rotation status and then sends a notification via Amazon SNS.
C
Create a custom AWS Config rule that monitors KMS key rotation and sends notifications to an Amazon SNS topic if a key is found to be unrotated for 90 days.
D
Utilize AWS Security Hub to monitor KMS key rotation and configure it to send notifications to an Amazon SNS topic when a key has not been rotated for 90 days.
No comments yet.