Multiple Choice
A company has multiple business units. Each business unit has its own AWS account and runs a single website within that account. The company also has a single logging account. Logs from each business unit website are aggregated into a single Amazon S3 bucket in the logging account. The S3 bucket policy provides each business unit with access to write data into the bucket and requires data to be encrypted. The company needs to encrypt logs uploaded into the bucket using a single AWS Key Management Service (AWS KMS) CMK. The CMK that protects the data must be rotated once every 365 days. Which strategy is the MOST operationally efficient for the company to use to meet these requirements?
A) Create a customer managed CMK in the logging account. Update the CMK key policy to provide access to the logging account only. Manually rotate the CMK every 365 days.
B) Create a customer managed CMK in the logging account. Update the CMK key policy to provide access to the logging account and business unit accounts. Enable automatic rotation of the CMK.
C) Use an AWS managed CMK in the logging account. Update the CMK key policy to provide access to the logging account and business unit accounts. Manually rotate the CMK every 365 days.
D) Use an AWS managed CMK in the logging account. Update the CMK key policy to provide access to the logging account only. Enable automatic rotation of the CMK.
Correct Answer:
Verified
Correct Answer:
Verified
Q689: A company is migrating its on-premises build
Q690: ABC has three separate departments and each
Q691: You would like to create a mirror
Q692: You require the ability to analyze a
Q693: A company ingests and processes streaming market
Q695: What is the maximum number of data
Q696: A company will several AWS accounts is
Q697: You are designing Internet connectivity for your
Q698: A company has a data lake in
Q699: A company has a web application that