Topic 1 Question 64
A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months. What is the process to rotate the key?
Enable automatic key rotation for the CMK, and specify a period of 6 months.
Create a new CMK with new imported material, and update the key alias to point to the new CMK.
Delete the current key material, and import new material into the existing CMK.
Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
解説
Reference: https://aws.amazon.com/kms/faqs/
ユーザの投票
コメント(2)
- 正解だと思う選択肢: B
If you choose to import keys to AWS KMS or asymmetric keys or use a custom key store, you can manually rotate them by creating a new KMS key and mapping an existing key alias from the old KMS key to the new KMS key.
👍 9princajen2022/09/01 - 正解だと思う選択肢: B
To create new cryptographic material for your customer managed keys, you can create new KMS keys, and then change your applications or aliases to use the new KMS keys. https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
👍 1Arnaud922022/12/28
シャッフルモード