Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AWS - Certified Developer - Associate 2020 > Section 9 - AWS KMS > Flashcards

Section 9 - AWS KMS Flashcards

1
Q

What is AWS KMS?

A

AWS Key Management Service

  • Managed
    • Managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.
  • Integrated
    • Seamlessly integrated with many AWS services to make encrypting data into those services as easy as checking a box.
  • Key Types
    • Symmetric
      • A single encryption key that is used for both encryption and decrytpion operations
    • Asymmetric
      • A public and privae key pair that can be used for encryption and decryption to sign or verify operations
      • Use when doing encryption outside of AWS.
  • Regional service
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AWS KMS Use cases?

A

Whyen to use KMS:

Whenever you are dealing with sensitive information

  • Sensitive data that you want to keep secret
  • Customer data
  • Financial data
  • Database passwords
  • Credentials
  • Secrets
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a CMK?

A
  • Customer Master Key
    • Encrypt / Decrytp data up to 4KB
  • What is it used for?
    • Generate / Encrypt / Decrypt the Data key.
  • Data key
    • Used to encrypt / Decrypt your data.
    • The process of encrypting the data key to encrypt your data is called Envelope Encryption.
  • Properties
    • Alias
      • Your application can refer to the alias when using the CMK.
    • Creation Date
      • The date and time when the CMK was created
    • Description
      • You can add your own descritpion to the describe the CMK
    • Key State
      • Enabled, Disabled, pending deletion, unavailable
    • Key Material
      • Customer-provided or AWS-provided
    • Stays Inside KMS
      • Can never be exported
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the difference Between AWS-Managed CMK and Customer-Managed CMK?

A
  • AWS-Managed CMK
    • AWS-provided and AWS-managed CMK. Used on your behalf with the AWS services integrated with KMS.
  • Customer-Managed CMK
    • You create,own and managed yourself.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AWS KMS API Calls?

A
  • aws kms encrypty
    • Encrypts plaintext into ciphertext by using a customer master key.
  • aws kms decrypt
    • Decrypts ciphertext that was encrypted by an AWS KMS customer master key (CMK).
  • aws kms re-encrypt
    • Decrypts ciphertext and then re-encrypts it entirely within AWS KMS(e.g. when you change the CMK or manually rotate route the CMK)
  • aws kms enable-key-rotation
    • Enables automatic key rotation every 365 days.
  • aws kms generate-data-key
    • uses the CMK to generate a Data-key to encrypt data > 4kb
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Envelope Encryption?

A
  • A process for encrypting your data. it applies to files > 4 KB

Why Envelope Encryption?

  • Network
    • When you encrypt data directly with KMS it must be transferred ober the network.
  • Performance
    • With envelope encryption, only the data key goes over the network, not your data
  • Benefits
    • The data key is used locally in your application or AWS service, avoid need to trasnfer large amounts of data to KMS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

AWS - Certified Developer - Associate 2020 (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions