Answer-first summary for fast verification
Answer: A customer managed key that uses customer provided key material
The correct answer is A: A customer managed key that uses customer provided key material. AWS KMS does not support automatic key expiration directly within its service; however, by using customer provided key material, you can set an expiration date for the key material. This allows you to ensure that the key material expires automatically after 90 days. AWS Managed Keys and customer managed keys with AWS provided key material do not allow setting an expiration date for the key material. Operating system encryption using GnuPG is not a solution that integrates directly with AWS KMS.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A security engineer is tasked with designing a key management solution for Amazon Elastic Block Store (Amazon EBS) volumes containing sensitive data using AWS Key Management Service (AWS KMS). The solution must ensure that the key material automatically expires after 90 days. Which of the following AWS KMS key management options meets this requirement?
A
A customer managed key that uses customer provided key material
B
A customer managed key that uses AWS provided key material
C
An AWS managed key
D
Operating system encryption that uses GnuPG
No comments yet.