AWS - Advanced Security
You want to ensure your KMS key automatically rotates every year and cannot be deleted accidentally. Which two settings should you configure?
You want to ensure your KMS key automatically rotates every year and cannot be deleted accidentally. Which two settings should you configure?
hard📝 Best Practice Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Enable automatic yearly key rotation
Enabling key rotation ensures the key updates automatically every year.Step 2: Set a deletion window to prevent accidental deletion
A minimum 7-day deletion window is required to avoid immediate key loss and allow recovery.Final Answer:
Enable key rotation and set a minimum 7-day deletion window -> Option BQuick Check:
Rotation enabled + deletion window set = safe key management [OK]
Quick Trick: Rotate keys yearly and set deletion window ≥7 days [OK]
Common Mistakes:
- Disabling rotation when it should be enabled
- Setting deletion window to zero
- Disabling deletion window entirely
Master "Advanced Security" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes