A company has multiple Amazon S3 buckets encrypted with customer-managed CMKs Due to regulatory requirements...

Amazon Web Services SCS-C02 Full Course Access

Amazon Web Services SCS-C02 View All Questions

Amazon Web Services SCS-C02 Question Answer

A company has multiple Amazon S3 buckets encrypted with customer-managed CMKs Due to regulatory requirements the keys must be rotated every year. The company's Security Engineer has enabled automatic key rotation for the CMKs; however the company wants to verity that the rotation has occurred.

What should the Security Engineer do to accomplish this?

Filter IAM CloudTrail logs for KeyRotaton events

Monitor Amazon CloudWatcn Events for any IAM KMS CMK rotation events

Using the IAM CLI. run the IAM kms gel-key-relation-status operation with the --key-id parameter to check the CMK rotation date

Use Amazon Athena to query IAM CloudTrail logs saved in an S3 bucket to filter Generate New Key events

SCS-C02 PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 60% Discount on All Products, Use Coupon: "8w52ceb345"

A company's security engineer is designing an isolation procedure for Amazon EC2 instances as part...

A company runs an application that sends logs to a log group in Amazon CloudWatch...

Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

A company has multiple Amazon S3 buckets encrypted with customer-managed CMKs Due to regulatory requirements...

The Answer Is:

Explanation:

Quick Links