Topic 1 Question 84
A security engineer must use AWS Key Management Service (AWS KMS) to design a key management solution for a set of Amazon Elastic Block Store (Amazon EBS) volumes that contain sensitive data. The solution needs to ensure that the key material automatically expires in 90 days.
Which solution meets these criteria?
A. A customer managed key that uses customer provided key material
B. A customer managed key that uses AWS provided key material
C. An AWS managed key
D. Operating system encryption that uses GnuPG
Comments (12)
- Selected answer: A
You may set an expiration period for an imported key. AWS KMS will automatically delete the key material after the expiration period. You can also delete imported key material on demand. In both cases the key material itself is deleted but the KMS key reference in AWS KMS and associated metadata are retained so that the key material can be re-imported in the future. Keys generated by AWS KMS do not have an expiration time and cannot be deleted immediately; there is a mandatory 7 to 30 day wait period. All customer managed KMS keys, regardless of whether the key material was imported, can be manually disabled or scheduled for deletion. In this case the KMS key itself is deleted, not just the underlying key material.
👍 3 rahav 2023/12/24
When you import key material, you can set an optional expiration time. https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-managing.html
👍 2 Daniel76 2023/12/13
- Selected answer: A
You can only schedule the deletion of a customer managed key. You cannot delete AWS managed keys or AWS owned keys. https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
👍 2 cloudescalate 2024/05/25
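
Added example (not part of the original question or comments): the import flow behind option A, creating a KMS key with no key material and importing material that expires after 90 days. The function names, the key description and the injectable `wrap` parameter are assumptions made for this sketch; it uses boto3 and the `cryptography` package.

```python
import os
from datetime import datetime, timedelta, timezone


def rsa_oaep_wrap(public_key_der: bytes, key_material: bytes) -> bytes:
    """Encrypt key material under the KMS wrapping public key (RSAES_OAEP_SHA_256)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding

    public_key = serialization.load_der_public_key(public_key_der)
    oaep = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                        algorithm=hashes.SHA256(), label=None)
    return public_key.encrypt(key_material, oaep)


def create_key_with_expiring_material(kms, key_material, days=90, now=None,
                                      wrap=rsa_oaep_wrap):
    """Create an EXTERNAL-origin KMS key and import material that expires after `days`."""
    if len(key_material) != 32:
        raise ValueError("symmetric KMS keys take exactly 256 bits of key material")
    now = now or datetime.now(timezone.utc)
    valid_to = now + timedelta(days=days)

    # Origin=EXTERNAL creates a key with no material; it stays in PendingImport.
    key_id = kms.create_key(
        Origin="EXTERNAL",
        Description="EBS key, imported material",  # constructed description
    )["KeyMetadata"]["KeyId"]

    # The wrapping public key and import token are valid for 24 hours.
    params = kms.get_parameters_for_import(
        KeyId=key_id,
        WrappingAlgorithm="RSAES_OAEP_SHA_256",
        WrappingKeySpec="RSA_2048",
    )
    kms.import_key_material(
        KeyId=key_id,
        ImportToken=params["ImportToken"],
        EncryptedKeyMaterial=wrap(params["PublicKey"], key_material),
        ExpirationModel="KEY_MATERIAL_EXPIRES",
        ValidTo=valid_to,  # KMS deletes the material at this time
    )
    return key_id, valid_to


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a default region
    # Sample material only: a real deployment keeps a durable copy for re-import.
    key_id, valid_to = create_key_with_expiring_material(
        boto3.client("kms"), os.urandom(32))
    print(key_id, "material expires", valid_to.isoformat())
```

Once `ValidTo` passes, the key cannot be used for the EBS volumes until the same key material is imported again.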