Key Management Service basics

Question 1

uses hardware security modules that make it easy for you to create and control your encryption keys.

Answer 1

AWS Key Management Service or KMS

Question 2

Is KMS a regional service?

Answer 2

Yes

Question 3

Is KMS a public service?

Answer 3

Yes

Question 4

most basic resource in AWS KMS

Answer 4

Customer Master Key or CMK

Question 5

a 256-bit key that is used for encryption and decryption

Answer 5

Symmetric

Question 6

an RSA key pair that is used for encryption and decryption or signing and verification (but not both), or an elliptic curve (ECC) key pair that is used for signing and verification

Answer 6

Asymmetric

Question 7

Do keys leave KMS?

Answer 7

No it provides FIPS 140-2

Question 8

type of key designed to encrypt and decrypt data at least once or possibly multiple times

Answer 8

Data Encryption Key (DEK)

Question 9

AWS KMS does store, manage, or track your data keys, or perform cryptographic operations with data keys

Answer 9

False

Question 10

Can KMS keys leave a region

Answer 10

No they are isolated to a region

Question 11

Keys that you (customer) have full control over

Answer 11

Customer Managed Keys

Question 12

Keys that are created, managed, and used on your behalf
by an AWS service that is integrated with KMS

Answer 12

AWS managed Keys

Question 13

primary way to control access to KMS keys and determine who has permission to use the KMS key and how they can use it

Answer 13

Key Policies

Question 14

Can you use IAM policies in tandem with Key Policies

Answer 14

Yes

Question 15

Without permission from the key policy, IAM policies that allow permissions have no effect

Answer 15

True

Question 16

A key policy controls access only to a KMS key in the same Region. It has no effect on KMS keys in other Regions

Answer 16

True