Which statement best describes the encryption keys lifecycle, including rotation, revocation, and separation of duties?

Key management uses rotation to limit how long a single key protects data, reducing the potential impact if that key is exposed. When a key is rotated, the older key should be revoked to prevent any further use, ensuring compromised or obsolete keys can no longer unlock data. Revocation is the control that invalidates a key before its expiration or after a problem is found, separate from but complementary to rotation. Separation of duties adds another layer of protection by ensuring different people or teams handle key management and data access, lowering the risk of misuse or errors. Together, rotation, revocation, and separation of duties create a safer, auditable lifecycle for encryption keys. The other statements misstate these relationships: rotation does not increase exposure, revocation remains necessary even with rotation, and separation of duties is indeed relevant to key management.