🔥 3-day streak
AWS Certified Data Engineer - Associate85 / 159
Question 85 of 159
A data engineering team stores sensitive customer records in an S3 bucket encrypted with a customer managed AWS KMS key (SSE-KMS). A new compliance mandate requires that the encryption key material be rotated automatically every year and that all decryption operations against the key be logged for audit purposes. The team must implement this with the least operational overhead. Which combination of actions meets these requirements?
Reviewed for accuracy · Report an issueNext question