What is the recommended method to enable automatic annual rotation of a customer-managed AWS KMS key to improve security?
Difficulty: hard | Application | Question 9 of 15
AWS - Advanced Security
A. Rotate the key material by importing new key material every year
B. Manually create a new key each year and update all resources to use it
C. Use AWS Lambda to delete and recreate the key annually
D. Enable the built-in key rotation feature in AWS KMS for the customer-managed key
Step-by-Step Solution
Solution:
Step 1: Understand AWS KMS key rotation
AWS KMS supports automatic yearly rotation for customer-managed symmetric keys.
Step 2: Evaluate options
Option D, enabling the built-in key rotation feature in AWS KMS for the customer-managed key, uses the native KMS capability, which is the recommended and simplest approach.
Step 3: Why other options are incorrect
Manual key creation (B) is error-prone; deleting and recreating the key with Lambda (C) risks data loss, because ciphertext encrypted under the deleted key can no longer be decrypted; importing key material (A) applies to keys with external key material and is not automatic rotation.
Final Answer:
Enable the built-in key rotation feature in AWS KMS for the customer-managed key -> Option D
Quick Check:
Use AWS KMS automatic rotation [OK]
Quick Trick: Enable KMS automatic rotation for yearly key updates [OK]
Common Mistakes:
Thinking manual key replacement is required
Using Lambda to delete keys instead of rotation
Confusing importing key material with rotation