Amazon SCS-C02 Exam - Topic 5 Question 49 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 49
Topic #: 5

[Incident Response]

A company is using an AWS Key Management Service (AWS KMS) AWS owned key in its application to encrypt files in an AWS account The company's security team wants the ability to change to new key material for new files whenever a potential key breach occurs A security engineer must implement a solution that gives the security team the ability to change the key whenever the team wants to do so

Which solution will meet these requirements?

ACreate a new customer managed key Add a key rotation schedule to the key Invoke the key rotation schedule every time the security team requests a key change

BCreate a new AWS managed key Add a key rotation schedule to the key Invoke the key rotation schedule every time the security team requests a key change

CCreate a key alias Create a new customer managed key every time the security team requests a key change Associate the alias with the new key

DCreate a key alias Create a new AWS managed key every time the security team requests a key change Associate the alias with the new key

Show Suggested Answer

Suggested Answer: A

To meet the requirement of changing the key material for new files whenever a potential key breach occurs, the most appropriate solution would be to create a new customer managed key, add a key rotation schedule to the key, and invoke the key rotation schedule every time the security team requests a key change.

References: :Rotating AWS KMS keys - AWS Key Management Service

by Noah at Aug 03, 2025, 01:26 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mireya

2 months ago

Wait, can you really change key material on demand like that?

upvoted 0 times

...

Keneth

2 months ago

D? Really? I doubt that would give the flexibility needed.

upvoted 0 times

...

Marsha

3 months ago

C seems like a workaround, not sure if it's the best approach.

upvoted 0 times

...

Tonette

3 months ago

I think B is better, AWS managed keys are easier to handle.

upvoted 0 times

...

Vesta

4 months ago

Option A sounds right, customer managed keys are the way to go!

upvoted 0 times

...

Lanie

4 months ago

I thought AWS managed keys were easier to handle, but I can't recall if they allow for manual changes like the question asks. I might be overthinking option B.

upvoted 0 times

...

Ula

4 months ago

I’m leaning towards option C since it talks about creating a key alias, but I’m not entirely clear on how that works with key management. Did we cover that in our last session?

upvoted 0 times

...

Tiera

4 months ago

I remember practicing a question about key rotation, and I feel like creating a new customer managed key is the way to go. But I’m a bit confused about how often they can change it.

upvoted 0 times

...

Luz

5 months ago

I think option A sounds familiar because it mentions customer managed keys, which we discussed in class. But I'm not sure if invoking the rotation schedule is the right approach.

upvoted 0 times

...

Elza

5 months ago

I'm leaning towards option A. Creating a customer-managed key with a rotation schedule seems like the simplest way to meet the requirements. But I'll double-check the details to make sure.

upvoted 0 times

...

Annmarie

5 months ago

Okay, the key here is that the security team needs the ability to change the key material whenever they want. I think option C is the way to go - creating a new customer-managed key and associating it with an alias.

upvoted 0 times

...

Cortney

5 months ago

Hmm, I'm a bit unsure about the difference between customer-managed and AWS-managed keys. I'll need to review that before deciding on the best approach.

upvoted 0 times

...

Kiley

5 months ago

This looks like a straightforward AWS KMS question. I think I can handle this one.

upvoted 0 times

...

Jacquelyne

6 months ago

I like the idea of using a customer-managed key in Option C. That way, the security team can create a new key as needed and associate it with the alias.

upvoted 0 times

Gayla

3 months ago

Using an alias is smart for easy key management.

upvoted 0 times

...

Kip

3 months ago

I agree, customer-managed keys offer more control.

upvoted 0 times

...

Marilynn

3 months ago

Option C sounds flexible for the security team.

upvoted 0 times

...

Cammy

4 months ago

Definitely, it simplifies the process of key changes.

upvoted 0 times

...

Linn

6 months ago

But with option A, we can have more control over the key material.

upvoted 0 times

...

Emilio

7 months ago

I disagree, I believe the correct answer is B.

upvoted 0 times

...

Linn

7 months ago

I think the answer is A.

upvoted 0 times

...

Aimee

7 months ago

Option A seems like the most straightforward solution. Rotating the key on a schedule and whenever the security team requests it should give them the control they need.

upvoted 0 times

Juan

6 months ago

Option A seems like the most straightforward solution.

upvoted 0 times

...

Lorean

6 months ago

B: I agree, creating a new customer managed key and rotating it when needed is a good security practice.

upvoted 0 times

...

Walton

6 months ago

A: Option A seems like the best choice for this scenario.

upvoted 0 times

...