kms Flashcards
You need need to re-encrypt a file with a new customer master key, which API call can you use to do this?
enable-key-rotation
decrypt and encrypt
encrypt
re-encrypt
re-encrypt
Which of the following is an encrypted key used by KMS to encrypt your data?
Envelope Key
Customer Master Key
Encryption Key
Customer Managed Key
Envelope Key
Which of the following is a managed service that allows you to create and control the encryption keys used to encrypt your data?
KMS
RDS Encryption
S3 Encryption
CMS
KMS
Which of the following statements are correct? (Choose 2)
The Envelope Key or Data Key is used to encrypt and decrypt plain text files
The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
The Envelope Key or Data Key is used to encrypt and decrypt the Customer Master Key
The Customer Master Key is used to encrypt and decrypt plain text files
The Envelope Key or Data Key is used to encrypt and decrypt plain text files
The Customer Master Key is used to encrypt and decrypt the Envelope Key or Data Key
You are working on a project which requires a Key Management Solution. Your Security Architect has confirmed that a multi-tenant solution is fine. Which solution do you recommend?
S3 Encryption
KMS
CloudHSM
Client Side Encryption
KMS
You would like KMS to rotate your encryption keys on a yearly basis, which API command can you use to configure this?
configure-key-rotation
chkconfig key-rotation on
enable-key-rotation
setup-key-rotation -y
enable-key-rotation
Which of the following statements is correct in relation to KMS? (Choose 2)
KMS encryption keys are global
KMS encryption keys are regional
You can export your customer master key
You cannot export you customer master key
KMS encryption keys are regional
You cannot export you customer master key
Which command can you use to encrypt a plain text file using a CMK?
aws iam encrypt
aws kms encrypt
aws encrypt
aws kms-encrypt
aws kms encrypt
