Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Amazon SCS-C02 Exam - Topic 5 Question 49 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 49
Topic #: 5
[All SCS-C02 Questions]

[Incident Response]

A company is using an AWS Key Management Service (AWS KMS) AWS owned key in its application to encrypt files in an AWS account The company's security team wants the ability to change to new key material for new files whenever a potential key breach occurs A security engineer must implement a solution that gives the security team the ability to change the key whenever the team wants to do so

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

To meet the requirement of changing the key material for new files whenever a potential key breach occurs, the most appropriate solution would be to create a new customer managed key, add a key rotation schedule to the key, and invoke the key rotation schedule every time the security team requests a key change.

References: :Rotating AWS KMS keys - AWS Key Management Service


by Noah at Aug 03, 2025, 02:26 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ula
4 days ago
I’m leaning towards option C since it talks about creating a key alias, but I’m not entirely clear on how that works with key management. Did we cover that in our last session?
upvoted 0 times
...
Tiera
10 days ago
I remember practicing a question about key rotation, and I feel like creating a new customer managed key is the way to go. But I’m a bit confused about how often they can change it.
upvoted 0 times
...
Luz
15 days ago
I think option A sounds familiar because it mentions customer managed keys, which we discussed in class. But I'm not sure if invoking the rotation schedule is the right approach.
upvoted 0 times
...
Elza
21 days ago
I'm leaning towards option A. Creating a customer-managed key with a rotation schedule seems like the simplest way to meet the requirements. But I'll double-check the details to make sure.
upvoted 0 times
...
Annmarie
26 days ago
Okay, the key here is that the security team needs the ability to change the key material whenever they want. I think option C is the way to go - creating a new customer-managed key and associating it with an alias.
upvoted 0 times
...
Cortney
1 month ago
Hmm, I'm a bit unsure about the difference between customer-managed and AWS-managed keys. I'll need to review that before deciding on the best approach.
upvoted 0 times
...
Kiley
1 month ago
This looks like a straightforward AWS KMS question. I think I can handle this one.
upvoted 0 times
...
Jacquelyne
2 months ago
I like the idea of using a customer-managed key in Option C. That way, the security team can create a new key as needed and associate it with the alias.
upvoted 0 times
...
Linn
2 months ago
But with option A, we can have more control over the key material.
upvoted 0 times
...
Emilio
3 months ago
I disagree, I believe the correct answer is B.
upvoted 0 times
...
Linn
3 months ago
I think the answer is A.
upvoted 0 times
...
Aimee
3 months ago
Option A seems like the most straightforward solution. Rotating the key on a schedule and whenever the security team requests it should give them the control they need.
upvoted 0 times
Juan
2 months ago
Option A seems like the most straightforward solution.
upvoted 0 times
...
Lorean
2 months ago
B: I agree, creating a new customer managed key and rotating it when needed is a good security practice.
upvoted 0 times
...
Walton
2 months ago
A: Option A seems like the best choice for this scenario.
upvoted 0 times
...
...

Save Cancel