Your company uses KMS to fully manage the master keys and perform encryption and decryption operations on your data and applications.As an additional level of security, you now recommend AWS rotate your keys. What would happen after enabling this additional feature?

Answer options:

A.Nothing needs to be done. KMS will manage all encrypt/decrypt actions using the appropriate keys.
B.Your company must instruct KMS to re-encrypt all data in all services each time a new key is created.
C.You have 30 days to delete old keys after a new one is rotated in.
D.Your company must create its own keys and import them to KMS to enable key rotation.

Correct Answer: A
Option A is correct. KMS will rotate keys annually and use the appropriate keys to perform cryptographic operations.
Option B is incorrect. This is not necessary. KMS, as a managed service, will keep old keys and perform operations based on the appropriate key.
Option C is incorrect. This is not a requirement of KMS.
Option D is incorrect. This is not a requirement of KMS.
References:
https://aws.amazon.com/kms/faqs/
ttps://docs.aws.amazon.com/general/latest/gr/rande.html#kms_region
https://www.slideshare.net/AmazonWebServices/encryption-and-key-management-in-aws