A company is using an AWS KMS customer master key (CMK) with imported key material. The company references the CMK by its alias in the Java application to encrypt data. The CMK must be rotated every 6 months. What is the process to rotate the key?
A. Enable automatic key rotation for the CMK, and specify a period of 6 months.
B. Create a new CMK with new imported material, and update the key alias to point to the new CMK.
C. Delete the current key material, and import new material into the existing CMK.
D. Import a copy of the existing key material into a new CMK as a backup, and set the rotation schedule for 6 months.
If you choose to import keys to AWS KMS or asymmetric keys or use a custom key store, you can manually rotate them by creating a new KMS key and mapping an existing key alias from the old KMS key to the new KMS key.
https://aws.amazon.com/kms/faqs/
Correct Answer: B
CMKs with Imported Key Material: For AWS KMS customer master keys (CMKs) with imported key material, automatic key rotation is not supported. To meet rotation requirements, a new CMK must be created with the updated imported key material, and the alias should be updated to point to the new CMK.
Other Options:
Option A: Automatic key rotation is not available for CMKs with imported key material.
Option C: Deleting and re-importing key material into the existing CMK does not satisfy rotation requirements, as it does not create a new CMK.
Option D: Creating a backup CMK with the same key material does not address rotation requirements and does not set up regular rotation.
Rotation date
AWS KMS rotates key material one year (approximately 365 days) after rotation is enabled, and then every year (approximately 365 days) thereafter.
Customer managed keys
Because automatic key rotation is optional on customer managed keys and can be enabled and disabled at any time, the rotation date depends on the date that rotation was most recently enabled. That date can change many times over the life of the key.
For example, if you create a customer managed key on January 1, 2022, and enable automatic key rotation on March 15, 2022, AWS KMS rotates the key material on March 15, 2023, March 15, 2024, and every 365 days thereafter.
When you rotate KMS keys manually, you also need to update references to the KMS key ID or key ARN in your applications. Aliases, which associate a friendly name with a KMS key, can make this process easier. Use an alias to refer to a KMS key in your applications. Then, when you want to change the KMS key that the application uses, instead of editing your application code, change the target KMS key of the alias.
To create new cryptographic material for your customer managed keys, you can create new KMS keys, and then change your applications or aliases to use the new KMS keys.
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
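The manual rotation the comments above describe (new KMS key with freshly imported material, then repoint the alias), as an added example that is not from the page, its commenters or AWS. It uses the real boto3 method names `create_key`, `import_key_material`, `describe_key`, `create_alias` and `update_alias`; the in-memory `FakeKms` client, the alias `alias/app-data-key`, the `key-NNNN` ids and the 182-day period are constructed so the script runs offline, and `rotate_alias` and `rotation_due` would take `boto3.client("kms")` unchanged against a real account. The real `ImportKeyMaterial` call also needs the import token and the key material wrapped with the public key from `GetParametersForImport`, which the stand-in skips.

```python
"""Alias-based (manual) rotation for an AWS KMS key with imported key material."""
from datetime import datetime, timedelta, timezone

ROTATION_PERIOD = timedelta(days=182)  # "every 6 months" from the question (constructed)


def supports_automatic_rotation(key_metadata):
    """AWS KMS rotates only material it generated itself for symmetric encryption keys.
    Imported material (Origin EXTERNAL), custom key stores, asymmetric and HMAC keys
    must be rotated manually. Takes the KeyMetadata dict from DescribeKey."""
    return (key_metadata["Origin"] == "AWS_KMS"
            and key_metadata["KeySpec"] == "SYMMETRIC_DEFAULT")


def alias_target_age(kms, alias_name, now=None):
    """Age of the key currently behind an alias. Imported material has no rotation
    date to query, so the creation date of the alias target is the practical proxy."""
    meta = kms.describe_key(KeyId=alias_name)["KeyMetadata"]  # DescribeKey accepts alias names
    now = now or datetime.now(timezone.utc)
    return now - meta["CreationDate"]


def rotation_due(kms, alias_name, now=None):
    return alias_target_age(kms, alias_name, now) >= ROTATION_PERIOD


def rotate_alias(kms, alias_name, new_key_id):
    """Point alias_name at new_key_id, returning (old_key_id, new_key_id)."""
    new_meta = kms.describe_key(KeyId=new_key_id)["KeyMetadata"]
    if new_meta["KeyState"] != "Enabled":
        # A key created with Origin=EXTERNAL stays PendingImport until ImportKeyMaterial
        # succeeds; cutting the alias over early would fail every Encrypt in the app.
        raise RuntimeError(f"{new_key_id} is {new_meta['KeyState']}, not Enabled")
    old_meta = kms.describe_key(KeyId=alias_name)["KeyMetadata"]
    if old_meta["KeySpec"] != new_meta["KeySpec"]:
        raise RuntimeError("alias must keep pointing at a key of the same spec")
    kms.update_alias(AliasName=alias_name, TargetKeyId=new_meta["KeyId"])
    # Do not delete or disable the old key: ciphertext produced under it can only be
    # decrypted by it, and Decrypt finds the key from the ciphertext, not the alias.
    return old_meta["KeyId"], new_meta["KeyId"]


class FakeKms:
    """Constructed in-memory stand-in for boto3.client("kms"), covering the calls above."""

    def __init__(self):
        self.keys = {}
        self.aliases = {}  # alias name -> key id

    def create_key(self, Origin="AWS_KMS", KeySpec="SYMMETRIC_DEFAULT", **_):
        key_id = f"key-{len(self.keys) + 1:04d}"  # constructed id, not a real KMS UUID
        state = "PendingImport" if Origin == "EXTERNAL" else "Enabled"
        self.keys[key_id] = {"KeyId": key_id, "Origin": Origin, "KeySpec": KeySpec,
                             "KeyState": state, "CreationDate": datetime.now(timezone.utc)}
        return {"KeyMetadata": dict(self.keys[key_id])}

    def import_key_material(self, KeyId, **_):
        self.keys[KeyId]["KeyState"] = "Enabled"  # real call needs ImportToken + wrapped material
        return {}

    def create_alias(self, AliasName, TargetKeyId):
        self.aliases[AliasName] = TargetKeyId
        return {}

    def update_alias(self, AliasName, TargetKeyId):
        if AliasName not in self.aliases:
            raise KeyError("UpdateAlias requires an existing alias")
        self.aliases[AliasName] = TargetKeyId
        return {}

    def describe_key(self, KeyId):
        return {"KeyMetadata": dict(self.keys[self.aliases.get(KeyId, KeyId)])}


def demo():
    """Walk through one rotation cycle against the stand-in and return what happened."""
    kms = FakeKms()
    alias = "alias/app-data-key"  # constructed alias name
    old = kms.create_key(Origin="EXTERNAL")["KeyMetadata"]
    kms.import_key_material(KeyId=old["KeyId"])
    kms.create_alias(AliasName=alias, TargetKeyId=old["KeyId"])
    kms.keys[old["KeyId"]]["CreationDate"] -= timedelta(days=210)  # pretend 7 months passed
    due = rotation_due(kms, alias)
    new = kms.create_key(Origin="EXTERNAL")["KeyMetadata"]
    try:
        rotate_alias(kms, alias, new["KeyId"])  # material not imported yet: must be refused
        premature_ok = True
    except RuntimeError:
        premature_ok = False
    kms.import_key_material(KeyId=new["KeyId"])
    old_id, new_id = rotate_alias(kms, alias, new["KeyId"])
    return {"auto": supports_automatic_rotation(old), "due": due, "premature": premature_ok,
            "old": old_id, "new": new_id, "target": kms.aliases[alias],
            "due_after": rotation_due(kms, alias)}


if __name__ == "__main__":
    print(demo())
```

Because the Java application only ever names `alias/app-data-key`, the cutover in `rotate_alias` needs no code change or redeploy; the age check is what turns "every 6 months" into something a scheduled job can enforce, since KMS records no rotation date for imported material.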