🔥 3-day streak
AWS Certified Security - Specialty30 / 157
Question 30 of 157

A financial services company stores sensitive transaction records in an Amazon DynamoDB table. Compliance requires that the company be able to prove exactly when the encryption key was used, control key rotation on its own schedule, and be able to immediately deny all access to the data by disabling the key without deleting the table. The team currently uses the default AWS owned key for the table. Which change should the security engineer make to meet all of these requirements?

Reviewed for accuracy · Report an issueNext question