Q51 — AWS DVA-C02 Ch.1

Question 51 of 100 | ← Chapter 1

A developer plans to migrate corporate data to Amazon S3. The data must be encrypted, and the encryption keys must support automatic annual rotation. The company must use AWS Key Management Service (AWS KMS) to encrypt the data. To meet these requirements, which type of key should the developer use?

Correct Answer: B. Symmetric customer-managed keys with key material generated by AWS

Explanation

Option B recommends using symmetric customer-managed keys with key material generated by AWS. This key type supports automatic annual rotation and satisfies the stated requirements. Other options: Amazon S3 managed keys (Option A) are managed by Amazon S3 and do not support automatic rotation. Asymmetric keys (Option C) are less suitable in this context. Symmetric keys with imported key material (Option D) may be used in specific scenarios but AWS-generated key material is generally recommended to simplify key management. 【Lantern Certification provided by: swufelp1999】