You have been experimenting with the usage of KMS keys. Along the way, you have created several CMK keys and used them in applications in different areas. You now want to delete the keys which are no longer being used. Which of the following options would you use to achieve this? (Select TWO.)

Answer options:

A.Use AWS Config to see where all the keys have been used.
B.Use CloudTrail logs to see where all the keys have been used.
C.Consider disabling the keys that are not being used.
D.Consider rotating the keys being used.

Answer – B and C
The AWS Documentation mentions the following.
Deleting a customer master key (CMK) in AWS Key Management Service (AWS KMS) is destructive and potentially dangerous. It deletes the key material and all metadata associated with the CMK, and is irreversible. After a CMK is deleted, you can no longer decrypt the encrypted data under that CMK, which means that data becomes unrecoverable. You should delete a CMK only when you are sure that you don`t need to use it anymore. If you are not sure, consider disabling the CMK instead of deleting it. You can re-enable a disabled CMK if you need to use it again later, but you cannot recover a deleted CMK.
AWS KMS is integrated with AWS CloudTrail, so all AWS KMS API activity is recorded in CloudTrail log files. If you have CloudTrail turned on in the region where your customer master key (CMK) is located, you can examine your CloudTrail log files to view a history of all AWS KMS API activity for a particular CMK, and thus its usage history. 
Option A is invalid since AWS Config will talk about resource changes but not usage on the AWS Keys.
Option D is invalid since we don’t need to rotate keys because that is not the objective of the question.
For more information on deleting keys, please visit the below URL
https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html