A development team needs a centralized service to store, rotate, and control access to encryption keys for applications. Which solution best fits?

Port forwarding rule, because it allows applications to reach the encryption system.

Port forwarding changes network paths, but it does not provide secure key storage or key rotation capabilities.

Load balancer, because it distributes encryption requests across servers.

Load balancers improve availability and performance, but they do not manage cryptographic keys or define who may access them.

Web application firewall, because it protects the keys from injection attacks.

A WAF can help protect web apps from some attacks, but it is not a key management platform and does not store or rotate keys.

What does this SY0-701 question test?

Read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Key management service, because it centralizes key storage and rotation controls. — A key management service is the best fit for centrally storing, rotating, and controlling access to encryption keys. It gives the organization a managed way to handle key lifecycle tasks instead of spreading keys across applications or files. That reduces operational mistakes and improves security because keys can be rotated and access can be restricted from one place. The question describes exactly the kind of function a KMS is meant to provide. Why others are wrong: Port forwarding only changes network traffic flow and has nothing to do with secret key lifecycle management. A load balancer distributes traffic and improves resilience, but it does not store or rotate keys. A web application firewall filters web requests and helps with attack prevention, but it is not a key repository or key administration tool.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.