Encryption & Downtime Flashcards

1
Q

True or False: For most AWS resources, encryption can only be enabled at the time of creation.

A

True. If encryption is needed, make sure this is done at creation time.

2
Q

If you have an existing EFS file system and need to encrypt it, how can this be done?

A

Create a new encrypted EFS filesystem and migrate your data to it.

3
Q

If you have an existing RDS database and need to encrypt it, how can this be done?

A

Create a new encrypted RDS instance and migrate the data.

4
Q

Can you encrypt an unencrypted EBS volume?

A

No

5
Q

Can you unencrypt an encrypted EBS volume?

A

No

6
Q

If you need to unencrypt data on an encrypted EBS volume, how can this be done?

A

You can migrate data between encrypted and unencrypted volumes.

7
Q

How can you encrypt an existing unencrypted EBS volume?

A

Create a snapshot, copy the snapshot and apply encryption. Then restore the new encrypted snapshot to a new volume.

8
Q

How can you encrypt an unencrypted S3 bucket?

A

At any time. Unlike other AWS services, S3 is more forgiving with encryption.

9
Q

True or False: It is a good idea to stop your applications when migrating data?

A

True. This ensures no new data is missed, and does not negatively affect the performance of the application in production.

10
Q

What, generally, do KMS and CloudHSM do?

A

Allow you to generate, store and manage cryptographic keys used to protect your data in AWS

11
Q

What does an HSM do?

A

Used to protect the confidentiality of your keys.

12
Q

What does KMS stand for?

A

Key managed Service

13
Q

What does KMS do?

A

Allows you to generate, store and manage your encryption keys.

14
Q

Is KMS dedicated or multi-tenant?

A

multi-tenant

15
Q

Is KMS free-tier eligible?

A

Yes. Go try it out.

16
Q

What is the use case for KMS?

A

For encryption needs where multi-tenancy is permitted.

17
Q

KMS uses symmetric key cryptography. What is this?

A

Symmetric key cryptography uses the same algorithm and key to both encrypt and decrypt digital data.

18
Q

What kind of cryptography does AWS KMS use?

A

Symmetric key cryptography

19
Q

What is CloudHSM?

A

Hardware Security Module instance. Dedicated, and not shared with other tenants.

20
Q

True or False: CloudHSM is a shared, multi-tenant service?

A

False. It is dedicated.

21
Q

Is CloudHSM free-tier eligible?

A

No.

22
Q

What is the use case for CloudHSM?

A

For compliance that restricts the use of multi-tenant key management services.

23
Q

What compliance does CloudHSM meet?

A

FIPS 140-2 Level 3 compliance

24
Q

What is FIPS 140-2?

A

US Government standard for HSMs which include tamper-evident physical security mechanisms

25
Q

What kind of cryptography does CloudHSM use?

A

Symmetric or asymmetric cryptography

26
Q

What is asymmetric cryptography?

A

A different algorithm and key for encryption and decryption operations.