Answer – B and C
The AWS Documentation mentions the following.
Deleting a customer master key (CMK) in AWS Key Management Service (AWS KMS) is destructive and potentially dangerous. It deletes the key material and all metadata associated with the CMK, and is irreversible. After a CMK is deleted, you can no longer decrypt the encrypted data under that CMK, which means that data becomes unrecoverable. You should delete a CMK only when you are sure that you don`t need to use it anymore. If you are not sure, consider disabling the CMK instead of deleting it. You can re-enable a disabled CMK if you need to use it again later, but you cannot recover a deleted CMK.
AWS KMS is integrated with AWS CloudTrail, so all AWS KMS API activity is recorded in CloudTrail log files. If you have CloudTrail turned on in the region where your customer master key (CMK) is located, you can examine your CloudTrail log files to view a history of all AWS KMS API activity for a particular CMK, and thus its usage history.
Option A is invalid since AWS Config will talk about resource changes but not usage on the AWS Keys.
Option D is invalid since we don’t need to rotate keys because that is not the objective of the question.
For more information on deleting keys, please visit the below URL
https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html