Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 84 discussion

A security engineer must use AWS Key Management Service (AWS KMS) to design a key management solution for a set of Amazon Elastic Block Store (Amazon EBS) volumes that contain sensitive data. The solution needs to ensure that the key material automatically expires in 90 days.

Which solution meets these criteria?

  • A. A customer managed key that uses customer provided key material
  • B. A customer managed key that uses AWS provided key material
  • C. An AWS managed key
  • D. Operating system encryption that uses GnuPG
Suggested Answer: A

Comments

IPLogic
4 days ago
Selected Answer: A
The best solution to meet these criteria is A. A customer managed key that uses customer provided key material.
upvoted 1 times
...
cloudescalate
6 months, 1 week ago
Selected Answer: A
You can only schedule the deletion of a customer managed key. You cannot delete AWS managed keys or AWS owned keys. https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
upvoted 1 times
...
Raphaello
9 months, 2 weeks ago
Selected Answer: A
Correct answer is A. You can select your KMS key with imported key material expiration date. https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-managing.html
upvoted 1 times
...
vikasj1in
10 months, 3 weeks ago
AWS Managed Key (AWS KMS): AWS managed keys (AWS KMS keys) are created, managed, and rotated by AWS KMS. AWS automatically handles key rotation for these keys. With an AWS managed key, you can set the key rotation interval, and AWS KMS will automatically rotate the key material. Expiration: While AWS managed keys don't have an explicit "expiration" property, you can achieve similar functionality by configuring key rotation every 90 days. This ensures that the key material is automatically rotated, effectively providing a new key every 90 days. Options A and B refer to customer managed keys, and the expiration of key material would need to be managed manually by the customer. Option D mentions GnuPG, which is not applicable for managing AWS EBS volume encryption keys. Therefore, option C (AWS managed key) is the most suitable choice for this scenario.
upvoted 1 times
...
rahav
11 months, 2 weeks ago
Selected Answer: A
You may set an expiration period for an imported key. AWS KMS will automatically delete the key material after the expiration period. You can also delete imported key material on demand. In both cases the key material itself is deleted but the KMS key reference in AWS KMS and associated metadata are retained so that the key material can be re-imported in the future. Keys generated by AWS KMS do not have an expiration time and cannot be deleted immediately; there is a mandatory 7 to 30 day wait period. All customer managed KMS keys, regardless of whether the key material was imported, can be manually disabled or scheduled for deletion. In this case the KMS key itself is deleted, not just the underlying key material. https://aws.amazon.com/kms/faqs/
upvoted 2 times
...
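The expiration behaviour described in the comment above, as an added example that is not part of the original thread: `import_args` builds the ImportKeyMaterial parameters for a 90-day expiry, and `audit_key` checks DescribeKey metadata against the requirement in the question. The function names, key IDs and sample metadata are constructed for illustration; the field names and values (`Origin`, `ExpirationModel`, `ValidTo`, `KeyManager`, `KeyState`) are those of the KMS API.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=90)  # requirement from the question

def import_args(key_id, wrapped_material, import_token, now):
    """Keyword arguments for the KMS ImportKeyMaterial call with a 90-day expiry."""
    return {
        "KeyId": key_id,
        "ImportToken": import_token,
        "EncryptedKeyMaterial": wrapped_material,
        "ExpirationModel": "KEY_MATERIAL_EXPIRES",
        "ValidTo": now + MAX_LIFETIME,
    }

def audit_key(meta, now):
    """Findings for one DescribeKey KeyMetadata dict; an empty list means compliant."""
    if meta.get("KeyManager") != "CUSTOMER":
        return ["AWS managed key: no expiration can be set"]
    if meta.get("Origin") != "EXTERNAL":
        return ["key material generated by KMS: it never expires"]
    if meta.get("KeyState") == "PendingImport":
        return ["no key material present (never imported, deleted or expired)"]
    if meta.get("ExpirationModel") != "KEY_MATERIAL_EXPIRES":
        return ["imported key material is set not to expire"]
    if meta["ValidTo"] - now > MAX_LIFETIME:
        return ["key material expires more than 90 days from now"]
    return []

# Constructed sample metadata (placeholder key IDs), shaped like DescribeKey output.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"KeyId": "key-a", "KeyManager": "CUSTOMER", "Origin": "EXTERNAL", "KeyState": "Enabled",
     "ExpirationModel": "KEY_MATERIAL_EXPIRES", "ValidTo": NOW + timedelta(days=60)},
    {"KeyId": "key-b", "KeyManager": "CUSTOMER", "Origin": "AWS_KMS", "KeyState": "Enabled"},
    {"KeyId": "key-c", "KeyManager": "AWS", "Origin": "AWS_KMS", "KeyState": "Enabled"},
    {"KeyId": "key-d", "KeyManager": "CUSTOMER", "Origin": "EXTERNAL", "KeyState": "Enabled",
     "ExpirationModel": "KEY_MATERIAL_DOES_NOT_EXPIRE"},
]

def audit_all(keys, now):
    """Map each KeyId to its list of findings."""
    return {k["KeyId"]: audit_key(k, now) for k in keys}

if __name__ == "__main__":
    for key_id, findings in audit_all(SAMPLE_KEYS, NOW).items():
        print(key_id, "OK" if not findings else findings)
```

Once imported key material expires, the key returns to the `PendingImport` state and cannot be used for cryptographic operations until material is imported again, so an expiry alarm belongs next to this check.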
WeepingMaplte
11 months, 3 weeks ago
Selected Answer: A
A will be the answer. The key phrase in the question is "automatically expires". Answers B and C do not have the expiration date option. They only have the rotate option.
upvoted 1 times
...
vincentsr7
11 months, 3 weeks ago
Option C. A customer managed key (option A) that uses customer provided key material would not have the automatic expiration capability by default.
upvoted 1 times
...
Daniel76
11 months, 3 weeks ago
When you import key material, you can set an optional expiration time. https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-managing.html
upvoted 2 times
...
Aamee
1 year ago
Selected Answer: A
A sounds legit.
upvoted 1 times
...
[Removed]
1 year ago
Selected Answer: A
Definitely A
upvoted 1 times
...
AgboolaKun
1 year ago
Selected Answer: A
A is correct - https://awscli.amazonaws.com/v2/documentation/api/latest/reference/kms/import-key-material.html
upvoted 1 times
...
oioi
1 year ago
Selected Answer: B
correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other