Refer to the exhibit. A compliance auditor reviews the key configuration and finds a potential issue. What is the most likely compliance impact?
Many compliance standards (e.g., PCI DSS) require periodic key rotation; a null rotation period means no rotation is scheduled.
Why this answer
Option C is correct because many compliance frameworks (e.g., PCI DSS, SOC 2, NIST SP 800-57) require cryptographic keys to be rotated periodically to limit the amount of data encrypted under a single key and reduce the impact of key compromise. In Cisco's key configuration, if automatic rotation is not enabled or configured, the key remains static, which can violate these compliance mandates. The auditor identifies the lack of automatic rotation as a potential non-compliance issue, even if the key is otherwise valid and functional.
Exam trap
Google Cloud often tests the distinction between a key being 'functional' versus 'compliant' — candidates may assume that because a key works and is not expired, it is compliant, but the trap is that compliance frameworks require proactive rotation policies, not just key validity.
How to eliminate wrong answers
Option A is wrong because a key being disabled would be a separate administrative action or state; the exhibit does not show the key as disabled, and a disabled key would not be available for encryption at all, which is not the issue flagged by the auditor. Option B is wrong because the age of the key alone does not create a compliance impact unless a specific maximum key lifetime is defined by policy; the auditor's concern is about rotation, not recency. Option D is wrong because the key purpose (e.g., encryption, signing) is typically defined in the key's attributes or usage policy, and the exhibit does not indicate that the key is being used for an incorrect purpose; the issue is the lack of rotation, not misuse.