
  • Timed Set 3 – Q7

  • AJam

    March 24, 2024 at 6:37 pm

    The question is as follows:

    A healthcare organization has a data retention policy where a secure destruction process must be run when the patient data approaches the end of its retention period. The organization needs a cryptographic implementation that can perform cryptographic erasures within at least 7 days when the data is no longer required. An AWS Key Management Service (AWS KMS) custom key store must be used to manage the customer master keys (CMKs).

    Which of the following must be implemented to meet these specifications?

    – Create a Hash-Based Message Authentication Code (HMAC) KMS key
    – Utilize a customer-managed CMK in AWS KMS
    – Make use of an AWS-managed CMK
    – Use a CMK with an imported key material

    Below is the explanation provided:

    The option that says: Make use of an AWS-managed CMK is incorrect. AWS-managed CMKs are practical for most use cases, but they don’t let you schedule deletion or regulate the cryptographic erasure procedure. AWS automatically handles the deletion and cryptographic erasure of CMKs it manages, with no option to set a waiting period or initiate the erasure within a defined timeframe.

    I don’t think there is anything such as “AWS-Managed CMK”. According to it should be “AWS managed keys”. Please update to remove confusion.

  • Neil-TutorialsDojo

    March 26, 2024 at 3:28 pm

    Hi AJam,

    AWS-managed CMK is an old term, which “AWS managed keys” replaced. Thank you for bringing this up, and rest assured that we will update this as soon as possible.

    If you have any further questions or concerns, please feel free to reach out.

    Thank you for your understanding.

    Neil @ Tutorials Dojo
