What should the Security Engineer do to accomplish this?

Posted by: Pdfprep Category: SCS-C01

A company has multiple Amazon S3 buckets encrypted with customer-managed CMKs. Due to regulatory requirements, the keys must be rotated every year. The company's Security Engineer has enabled automatic key rotation for the CMKs; however, the company wants to verify that the rotation has occurred.

What should the Security Engineer do to accomplish this?
A . Filter AWS CloudTrail logs for KeyRotation events
B . Monitor Amazon CloudWatch Events for any AWS KMS CMK rotation events
C . Using the AWS CLI, run the aws kms get-key-rotation-status operation with the --key-id parameter to check the CMK rotation date
D . Use Amazon Athena to query AWS CloudTrail logs saved in an S3 bucket to filter Generate New Key events

Answer: C
