Aws Kms MCQ Questions and Answers

Mastering Aws Kms is crucial for cloud certification success. This dedicated practice set features 137 Aws Kms MCQ questions and answers designed to mirror real exam scenarios across various AWS certifications.

📝 137 Questions⏱️ 90 min🎯 Pass: 70%

About Aws Kms Practice Questions

This detailed quiz focuses on Aws Kms, covering key concepts and scenarios often found in AWS exams.

  • Comprehensive coverage of Aws Kms features.
  • Scenario-based questions testing design and troubleshooting skills.
  • Detailed explanations to reinforce learning.

All 137 Aws Kms Questions

Browse through the complete list of questions and answers below. Use this resource to review specific concepts or check your understanding of Aws Kms.

1

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
2

What is AWS Key Management Service (KMS) used for?

To create and manage cryptographic keys to encrypt your data
To store passwords in plain text
To manage user logins to the AWS Console
To provide physical keys for data centers
View Explanation
✓ Correct Answer: To create and manage cryptographic keys to encrypt your dataExplanation:KMS is a managed service that makes it easy to create and control encryption keys.
3

What is a 'Customer Master Key' (CMK) in AWS KMS?

The primary resource in KMS used to encrypt/decrypt data keys
The password you use to log into AWS
A key provided by Microsoft
A physical hardware token
View Explanation
✓ Correct Answer: The primary resource in KMS used to encrypt/decrypt data keysExplanation:A CMK is a logical representation of a master key that never leaves the KMS service.
4

Which encryption type is supported by AWS KMS for data keys?

Symmetric and Asymmetric encryption
Only Symmetric
Only Asymmetric
Only ROT13
View Explanation
✓ Correct Answer: Symmetric and Asymmetric encryptionExplanation:KMS supports both symmetric (same key for enc/dec) and asymmetric (public/private pair) keys.
5

What is the difference between an 'AWS Managed Key' and a 'Customer Managed Key'?

Customer Managed Keys give you full control over rotation and access policies
AWS Managed Keys are more expensive
Customer Managed Keys cannot be deleted
There is no difference
View Explanation
✓ Correct Answer: Customer Managed Keys give you full control over rotation and access policiesExplanation:Customer Managed Keys are created by you and offer the highest level of control and auditing.
6

Which AWS service provides detailed logs showing exactly when and by whom a KMS key was used to encrypt or decrypt data?

AWS CloudTrail
Amazon CloudWatch
AWS Artifact
IAM
View Explanation
✓ Correct Answer: AWS CloudTrailExplanation:KMS is integrated with CloudTrail to log all API requests to the service for auditing purposes.
7

Which feature of AWS KMS allows you to bring your own encryption keys (BYOK) from your own on-premises hardware security module?

Import Key Material
KMS Custom Key Stores (CloudHSM)
KMS Multi-region Keys
KMS Key Rotation
View Explanation
✓ Correct Answer: Import Key MaterialExplanation:KMS allows you to import key material that you generated yourself using your own tools.
8

How can you ensure that your customer-managed KMS keys are updated periodically with new cryptographic material?

Enable Automatic Key Rotation (yearly)
AWS rotates them every day automatically
You must manually delete and recreate keys every month
Rotation is not supported in KMS
View Explanation
✓ Correct Answer: Enable Automatic Key Rotation (yearly)Explanation:You can enable automatic rotation for customer-managed CMKs with one click.
9

Which AWS service is a dedicated hardware security module (HSM) that you can use alongside or instead of KMS for the highest level of compliance?

AWS CloudHSM
AWS KMS
AWS IAM
Amazon GuardDuty
View Explanation
✓ Correct Answer: AWS CloudHSMExplanation:CloudHSM provides you with FIPS 140-2 Level 3 validated single-tenant hardware security for your keys.
10

When you delete a key in AWS KMS, is it deleted immediately?

No; there is a mandatory waiting period of 7 to 30 days
Yes, it is gone forever instantly
It is never actually deleted
Only if Microsoft approves the deletion
View Explanation
✓ Correct Answer: No; there is a mandatory waiting period of 7 to 30 daysExplanation:KMS requires a 'Schedule Key Deletion' period to prevent accidental loss of access to encrypted data.
11

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
12

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
Amazon S3
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
13

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
14

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
15

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
16

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
17

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
18

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
19

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS KMS
Amazon S3
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
20

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
21

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
22

A solutions architect is designing an encryption strategy for S3. The company wants to manage the keys in AWS but requires that the keys cannot be exported from the AWS KMS service. Which key type should be used?

AWS KMS Customer Managed Keys (CMKs)
AWS Managed Keys
Customer Provided Keys (SSE-C)
CloudHSM Unmanaged Keys
View Explanation
✓ Correct Answer: AWS KMS Customer Managed Keys (CMKs)Explanation:KMS keys are stored in FIPS 140-2 Level 3 validated hardware security modules and never leave the KMS service in unencrypted form.
23

What is the difference between an 'Symmetric' and 'Asymmetric' KMS key?

Symmetric uses the same key for encryption and decryption; Asymmetric uses a public/private key pair
Symmetric is for S3; Asymmetric is for EBS
Asymmetric keys are free
Symmetric keys can be exported
View Explanation
✓ Correct Answer: Symmetric uses the same key for encryption and decryption; Asymmetric uses a public/private key pairExplanation:Symmetric keys are standard for data-at-rest encryption, while asymmetric keys are often used for digital signatures or external data exchange.
24

To improve security and meet compliance, a company wants to automatically rotate their Customer Managed Keys every year. How is this enabled in KMS?

Enable 'Automatic Key Rotation' in the KMS key configuration
Write a Lambda function to create a new key and update all resources
Rotate keys manually by changing the alias
KMS does not support automatic rotation
View Explanation
✓ Correct Answer: Enable 'Automatic Key Rotation' in the KMS key configurationExplanation:KMS can automatically rotate the backing key material every year for CMKs, while keeping the same key ID and metadata.
25

Which KMS feature allows you to use the same key material for data in multiple AWS regions to support disaster recovery scenarios without re-encrypting data?

AWS KMS Multi-Region Keys
KMS Key Replication
Regional CMK sharing
Cross-Region S3 Replication
View Explanation
✓ Correct Answer: AWS KMS Multi-Region KeysExplanation:Multi-region keys have the same key ID and key material across regions, making it easier to manage encrypted data that is replicated.
26

What is an 'Encryption Context' in AWS KMS?

An optional set of key-value pairs that provides additional authenticated data (AAD) to ensure integrity and prevent tampering
A list of users who can use the key
The name of the VPC where the key is used
The billing category for the encryption
View Explanation
✓ Correct Answer: An optional set of key-value pairs that provides additional authenticated data (AAD) to ensure integrity and prevent tamperingExplanation:If an encryption context is provided during encryption, it must be provided during decryption, making it a powerful security control.
27

A company has a regulatory requirement to store keys in a dedicated single-tenant hardware security module (HSM). Which KMS feature should be used?

KMS Custom Key Store (backed by CloudHSM)
KMS Default Key Store
AWS Secrets Manager
Dedicated Instances
View Explanation
✓ Correct Answer: KMS Custom Key Store (backed by CloudHSM)Explanation:Custom Key Stores combine the ease of use of KMS with the strict compliance of dedicated HSM hardware.
28

How can an architect grant a different AWS account permission to use a KMS key for encrypting data in an S3 bucket?

Modify the KMS Key Policy to include the external account's root user or specific IAM roles
Use an S3 bucket policy only
Sharing is not possible; each account must have its own keys
Export the private key
View Explanation
✓ Correct Answer: Modify the KMS Key Policy to include the external account's root user or specific IAM rolesExplanation:KMS key policies are the primary mechanism for cross-account access control for encryption keys.
29

What is the purpose of 'Grant' in AWS KMS?

A mechanism to provide temporary, programmatic delegation of permissions to a key
A financial subsidy from AWS
A way to delete keys permanently
A type of key policy
View Explanation
✓ Correct Answer: A mechanism to provide temporary, programmatic delegation of permissions to a keyExplanation:Grants are often used by AWS services (like EBS or RDS) to perform encryption/decryption on your behalf.
30

What happens if you delete a KMS key?

It enters a mandatory 7 to 30-day waiting period before permanent deletion, during which it cannot be used
It is deleted immediately and all data is lost
You can get it back within 1 year for a fee
KMS keys cannot be deleted
View Explanation
✓ Correct Answer: It enters a mandatory 7 to 30-day waiting period before permanent deletion, during which it cannot be usedExplanation:The waiting period is a safeguard to prevent accidental data loss from key deletion.
31

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
32

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS IAM
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
33

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
34

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS WAF
AWS IAM
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
35

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
36

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
Amazon S3
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
37

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
Amazon S3
AWS KMS
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
38

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
39

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
40

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS WAF
AWS IAM
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
41

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
AWS WAF
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
42

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
43

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
44

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
45

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS KMS
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
46

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
47

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
AWS WAF
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
48

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
49

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
50

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
51

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
Amazon S3
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
52

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
53

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
54

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
55

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
56

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS WAF
AWS KMS
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
57

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
58

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
59

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
60

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
Amazon S3
AWS IAM
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
61

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
62

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
63

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
64

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
65

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
66

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
67

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
68

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
69

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
70

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
71

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
72

You are designing a solution for an audit firm that needs to store encrypted data in S3 for 10 years. They require that the encryption keys are rotated annually and that no one, including AWS, can access the cleartext keys. Which AWS KMS key type and rotation should you use?

AWS KMS Customer Managed Key (CMK) with Automatic Annual Rotation
AWS Managed Key
AWS KMS CMK with imported key material (manual rotation)
CloudHSM with manual key rotation
View Explanation
✓ Correct Answer: AWS KMS Customer Managed Key (CMK) with Automatic Annual RotationExplanation:Customer Managed Keys (CMKs) support automatic annual rotation. Only the customer can manage the access policy to these keys via IAM/Key policies.
73

An organization wants to centralize the management of their secrets (API keys, DB passwords, etc.) across 50 AWS accounts. They want to ensure they can rotate passwords without downtime and audit who accessed the secrets. Which service is appropriate?

AWS Secrets Manager
AWS Parameter Store
IAM
AWS CloudHSM
View Explanation
✓ Correct Answer: AWS Secrets ManagerExplanation:Secrets Manager is specialized for credentials, offering native rotation for RDS/Aurora and detailed audit logging via CloudTrail.
74

An organization is using Amazon S3 to store patient records. They must ensure that the records are encrypted at rest with keys that they rotate every 90 days and that AWS itself cannot access. Which KMS key configuration meets this requirement?

Customer Managed Key (CMK) with Imported Key Material (manual rotation)
AWS Managed Key
AWS Owned Key
CMK with automatic rotation
View Explanation
✓ Correct Answer: Customer Managed Key (CMK) with Imported Key Material (manual rotation)Explanation:By importing your own key material into a CMK, you maintain full control over the key, but you must also manage the rotation manually.
75

Which AWS security service allows you to automatically rotate your database passwords every 30 days and provides a managed way to inject these secrets into your Lambda functions without human intervention?

AWS Secrets Manager
AWS Systems Manager Parameter Store
AWS KMS
IAM roles
View Explanation
✓ Correct Answer: AWS Secrets ManagerExplanation:Secrets Manager provides native rotation logic for popular AWS databases and an API to securely retrieve secrets.
76

An organization wants to ensure that all their critical S3 buckets are encrypted with keys that only they physically possess in an on-premises HSM. Which KMS feature allows you to use your own HSM as the back-end for KMS encryption?

KMS External Key Store (XKS)
KMS CloudHSM (Custom Key Store)
KMS CMK with Imported Material
AWS Managed Keys
View Explanation
✓ Correct Answer: KMS External Key Store (XKS)Explanation:XKS allows AWS KMS to use a key store located outside of AWS (like your on-prem HSM), providing the highest level of cryptographic control.
77

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
78

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
79

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
80

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
Amazon S3
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
81

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
Amazon S3
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
82

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
83

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
Amazon S3
AWS KMS
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
84

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
85

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
Amazon S3
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
86

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
87

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
88

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
89

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS WAF
AWS IAM
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
90

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
91

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
92

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
Amazon S3
AWS IAM
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
93

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
94

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
95

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS KMS
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
96

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
97

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
98

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
99

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS WAF
AWS KMS
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
100

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
101

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
102

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS IAM
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
103

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
104

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
105

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
106

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS KMS
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
107

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
108

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
109

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
110

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
111

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS KMS
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
112

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
AWS WAF
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
113

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
114

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS KMS
Amazon S3
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
115

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
116

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
117

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
AWS WAF
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
118

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
119

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS IAM
Amazon S3
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
120

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
121

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
122

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS IAM
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
123

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
124

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS KMS
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
125

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

Amazon S3
AWS IAM
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
126

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS IAM
AWS KMS
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
127

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
128

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
129

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
AWS WAF
Amazon S3
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
130

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
131

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
132

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
Amazon S3
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
133

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
Amazon S3
AWS WAF
AWS IAM
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
134

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
AWS WAF
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
135

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS WAF
AWS KMS
AWS IAM
Amazon S3
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
136

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS KMS
Amazon S3
AWS IAM
AWS WAF
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.
137

Company policy requires that all database encryption keys be managed centrally and rotated annually. You need a secure, durable service to store and manage these cryptographic keys. Which service should you use?

AWS IAM
Amazon S3
AWS WAF
AWS KMS
View Explanation
✓ Correct Answer: AWS KMSExplanation:AWS KMS is a managed service that makes it easy to create and control the cryptographic keys used to encrypt your data.