A company utilizes Amazon Route 53 for DNS services. The security team has implemented DNS Security Extensions (DNSSEC) to enhance the domain's security posture and now seeks clarification on the responsibility for rotating DNSSEC keys.

What should the network engineer communicate to the security team regarding the party responsible for DNSSEC key rotation?

Exam-Like

AWS rotates the zone-signing key (ZSK). The company rotates the key-signing key (KSK).

25.0%

The company rotates the zone-signing key (ZSK) and the key-signing key (KSK).

25.0%

AWS rotates the AWS Key Management Service (AWS KMS) key and the key-signing key (KSK).

25.0%

The company rotates the AWS Key Management Service (AWS KMS) key. AWS rotates the key-signing key (KSK).

25.0%

AWS Certified Advanced Networking - Specialty