KMS

Question 1

Does KMS support only asymmetric encryption keys?

Answer 1

No, KMS supports both symmetric and asymmetric encryption keys

Question 2

Which cryptographic operations is KMS capable of?

Answer 2

Encryption and decryption

Question 2

Are KMS keys used directly to encrypt data?

Answer 2

No, KMS keys are used to generate Data Encryption Keys (DEKs), which are used to encrypt data

Question 3

What is the maximum size of data that KMS keys can work on?

Answer 3

Up to 4KB in size (4,096 bytes to be precise)

Question 4

How is access to KMS keys provided?

Answer 4

Access must be explicitly provided through the KMS key resource-based policy

Question 5

In the scenario of key rotation, how does KMS decrypt data that was previously encrypted by an older key?

Answer 5

KMS retains previous keys so that data encrypted before rotation can still be decrypted

Question 6

How would you describe the KMS scope?

Answer 6

KMS is a regional and public service

Question 7

Can KMS keys leave KMS unencrypted?

Answer 7

No, KMS keys never leave KMS unencrypted

Question 8

What types of keys does KMS feature?

Answer 8

AWS owned keys, AWS managed keys, and customer managed keys

Question 9

Which type of KMS keys are created, owned, and managed by you in your AWS account?

Answer 9

Customer managed keys

Question 10

Which type of KMS keys in your AWS account are created, managed, and used on your behalf by an AWS service integrated with AWS KMS?

Answer 10

AWS managed keys

Question 11

Which type of KMS keys are owned and managed by an AWS service for use in multiple AWS accounts?

Answer 11

AWS owned keys