Q. A Data Analyst has an application running on-premises that utilizes Amazon Kinesis Software Development Kit (SDK) to push data to Amazon Kinesis Data Streams. She must encrypt data at rest using AWS Key Management Service. It’s mandatory that the encryption key be rotated at least every 2 years to comply with security requirements.
The answer doesn’t really address why choice#4 is not a good answer. If the default key is rotated every year, that satisfies the requirement of rotating the key at least once every two years – right? Can you please elaborate as to why choice#4 doesn’t work?
Thank you for bringing this to our attention. You are correct that the given conditions may not be sufficient to invalidate the 4th option.
We appreciate your feedback and will take steps to tweak the scenario and options to make them more accurate. We apologize for any confusion this may have caused. If you have any further questions or concerns, please do not hesitate to let us know.