AWS Certified SysOps Administrator SOA-C01 – Question 858

A SysOps Administrator using AWS KMS needs to rotate all customer master keys (CMKs) every week to meet Information Security guidelines.
Which option would meet the requirement?

A. Create a new CMK every 7 days to manually rotate the encryption keys.
B. Enable key rotation on the CMKs and set the rotation period to 7 days.
C. Switch to using AWS CloudHSM as AWS KMS does not support key rotation.
D. Use data keys for each encryption task to avoid the need to rotate keys.