🔥 3-day streak
AWS Certified Security - Specialty79 / 157
Question 79 of 157

A financial services company encrypts sensitive customer records in Amazon S3 using a customer managed AWS KMS key (symmetric). To satisfy a new compliance mandate, the security team enables automatic key rotation on the KMS key. An auditor asks whether previously encrypted objects must be re-encrypted after rotation occurs, and how AWS KMS is able to decrypt objects that were encrypted before the rotation. Which statement correctly describes the behavior of automatic key rotation for this symmetric customer managed key?

Reviewed for accuracy · Report an issueNext question