Answer: B.
Option A is incorrect.
AWS managed KMS keys cannot be deleted unlike their Customer Managed counterparts.
Option B is CORRECT.
AWS managed KMS keys can only be rotated automatically compared to the Customer Managed KMS keys that can be rotated automatically or manually.
Manual rotation of keys provides greater control over the keys & makes it more secure and difficult to compromise.
Option C is incorrect.
AWS KMS integrates CloudTrail that will record calls to KMS by various users, roles, and other AWS services.
All API calls to KMS are captured as events by CloudTrail that can be logged to destinations like S3 or send them to CloudWatch for analysis.
Option D is incorrect.
AWS managed KMS keys cannot be managed, rotated or their policies changed by a user.
They can only be viewed within the account.
Customer-managed KMS keys, on the other hand, can be fully controlled by a user for maintaining their key policies, IAM policies, Enabling/disabling them, rotating them, etc...