You are a data scientist at a healthcare company working on a machine learning model that processes sensitive patient data. The company uses AWS Key Management Service (KMS) to manage encryption keys for secure data storage and access. Which of the following are best practices when using AWS KMS to protect sensitive data? (Select two)