Exam AWS Certified Security - Specialty topic 1 question 34 discussion

Corect answer is sure B . A is wrong since AWS KMS managed CMK is rotated every 3 years by AWs and you cannot change this. for AWS Customer managed CMK with back end keys managed by AWS , it is auto rotation every 12 months , and for AWS customer managed CMKS with imported keys , it must be manual process.So B is 100% right

ANS - A - In May 2022, AWS KMS changed the rotation schedule for AWS managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days). https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

Correct answer is B.

Safe response is B: "AWS KMS supports automatic key rotation only for symmetric encryption KMS keys with key material that AWS KMS creates".

Who writes those stupid questions? Both AWS managed and customer-managed KMS keys are automatically rotated every 12 months. (maybe that's a really old question, when AWS managed keys auto rotation were every 3 years) Still LAME question.

This is likely an very dated question. The term" Customer Master Key" is no longer a thing. A It's not AWS KMS Customer "Managed" Key. As such a key can be setup to automatically rotate every year. Same goes for AWS Managed Keys. So the answer is both A and B lol Side note: You'll need to import your own key material if you want to have more control over rotation. "Rotate" every 90 days for instance.

B. B is correct.

Selected Answer: B A incorrect - CMK is not Customer Master Key.

Answers are A and B !!

In May 2022, AWS KMS changed the rotation schedule for AWS managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days). New AWS managed keys are automatically rotated one year after they are created, and approximately every year thereafter. Existing AWS managed keys are automatically rotated one year after their most recent rotation, and every year thereafter.

"B" is the answer because The “Automated Key Rotation” option for KMS appears for AWS KMS generated key material.

ANS - A - In May 2022, AWS KMS changed the rotation schedule for AWS managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days). https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

Its A now after the latest changes look into this doc https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

Correct ans is A. After May 2022, AWS managed CMK must rotates every year by default whereas Customer managed CMK can be rotated every year and it's default rotation is disabled. So in this case option A is better choice than B. Although it's possible with option B too but question says must be automatically rotated.

BBBBBBBB

AAAAAAAA

as of 2022, for AWS Managed key and CMK using KMS, both options are valid with a rotation of 1 year https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html however, Answer A says AWS managed customer key, i couldn't find any reference with the same name, there is only AWS Managed key , even on portal hence, i will go with Option B