🔥 3-day streak
AWS Certified CloudOps Engineer - Associate102 / 159
Question 102 of 159

A CloudOps engineer manages a customer managed KMS key (symmetric) used to encrypt sensitive data in several S3 buckets. A new compliance mandate requires that the cryptographic key material be rotated at least once per year with minimal operational effort and without re-encrypting existing objects or changing key references in applications. What should the engineer do?

Reviewed for accuracy · Report an issueNext question