KMS rotation question includes incorrect response
Hey there. I think there’s an issue with this question:
“A company is using AWS KMS to create and control various types of CMKs that are used by its applications. The Security Engineer has been instructed to handle the key rotation process of the AWS managed CMKs, customer managed CMKs, and Asymmetric CMKs.
Which of the following actions should the engineer do to satisfy the above requirement? (Select THREE).”
Among the correct answers, you listed:
“Enable automatic key rotation on the AWS managed CMKs to rotate the keys every three years.”
However, while the rotation time is correct, we don’t control AWS managed CMKs rotation, and cannot enable or disable it (it even says so in the AWS documentation included as part of the answer explanation).
This should probably be changed to something like:
“AWS managed CMKs automatically rotate every three years, so the Security Engineer doesn’t need to take any actions for them.”
Hello daniel-15,
Thank you for your feedback.
I agree that there is no option to “enable” or manage the rotation for AWS managed CMKs, because AWS will automatically rotate these keys every 3 years.
Our team will review and update the choices for this question.
Also, please note that there are questions in the actual AWS exam that are difficult, tricky, and ambiguous. This is the style that we are trying to mimic in our practice tests. Some of the questions do not explicitly show the obvious keywords or phrases that will easily point to the answer.
Let us know if you need further assistance. We’d be happy to hear from you.
Regards,
Kenneth Samonte @ Tutorials Dojo