For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice AWS Solutions Architect Professional (SAP-C02)AWS Solutions Architect Professional SAP-C02 Practice Exam 3Question 08

Medium1 markMultiple Choice

Domain 2.3: Security ControlsSecurityEncryptionKMS

AWS SAP-C02 · Question 08 · Domain 2.3: Security Controls

An application stores sensitive PII in Amazon S3. Compliance requires that data is encrypted at rest using keys managed by the company, and the encryption keys must be rotated annually automatically. Which encryption strategy meets these requirements?

Answer options:

A.

Server-Side Encryption with Amazon S3 Managed Keys (SSE-S3).

B.

Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS) with automatic key rotation enabled.

C.

Client-Side Encryption using AWS KMS.

D.

Server-Side Encryption with AWS KMS AWS Managed Keys.

How to approach this question

Identify the KMS key type that allows customer control and automatic rotation.

Full Answer

B.Server-Side Encryption with AWS KMS Customer Managed Keys (SSE-KMS) with automatic key rotation enabled.✓ Correct

Customer Managed Keys in KMS allow users to enable automatic rotation, which occurs every 365 days.

Common mistakes

Confusing AWS Managed Keys (rotated every 3 years) with Customer Managed Keys.

Question 07 All questions Question 09

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3

75 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...Hard Q02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...Medium Q03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...Hard Q04A company is setting up a new multi-account AWS environment. They want to automate the creation o...Medium Q05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium

View all 75 questions →