Multiple Choice
Which option for the use of the AWS Key Management Service (KMS) supports key management best practices that focus on minimizing the potential scope of data exposed by a possible future key compromise?
A) Use KMS automatic key rotation to replace the master key, and use this new master key for future encryption operations without re-encrypting previously encrypted data.
B) Generate a new Customer Master Key (CMK) , re-encrypt all existing data with the new CMK, and use it for all future encryption operations.
C) Change the CMK alias every 90 days, and update key-calling applications with the new key alias.
D) Change the CMK permissions to ensure that individuals who can provision keys are not the same individuals who can use the keys.
Correct Answer:
Verified
Correct Answer:
Verified
Q136: A Security Engineer is implementing a solution
Q137: A pharmaceutical company has digitized versions of
Q138: The Accounting department at Example Corp. has
Q139: A Security Analyst attempted to troubleshoot the
Q140: A company runs an application on AWS
Q142: During a security event, it is discovered
Q143: A company is developing a mobile shopping
Q144: An external auditor finds that a company's
Q145: An Amazon EC2 instance is part of
Q146: A Security Engineer discovered a vulnerability in