Security Flashcards
What does KMS stand for?
Key Management Service
What does CMK stand for?
Customer Master Key
What is a CMK?
- A logical representation of a key
- A pointer to some underlying cryptographic material
How large can data encrypted by CMKs be?
Up to 4KB in size
What is the pricing structure for KMS?
You pay per API call
What does FIPS stand for?
Federal Information Processing Standards
What type of FIPS service is KMS?
KMS is a FIPS 140-2 Level 2 service
What is a FIPS Level 2 service?
A service that can show evidence of tampering
On the exam, if you see FIPS 140-2 Level 2, what should you think of?
KMS
What are the three types of CMKs? What are the major differences between them?
- AWS Managed CMKs - (default) Only used by your service
- Customer Managed CMKs - Allow for key rotation
- AWS Owned CMKs - (rare) Used by AWS on a shared basis across many accounts
What is the important conceptual difference between Symmetric CMKs and Asymmetric CMKs?
- Symmetric CMKs use the same key for encryption and decryption
- Asymmetric CMKs use a mathematically related public/private key pair
What is the encryption algorithm used for Symmetric CMKs?
AES-256
What is the encryption algorithm used for a**symmetric CMKs?
RSA and/or Elliptic-Curve Cryptography
What does ECC stand for (NOT the same as EC2)?
Elliptic-Curve Cryptography
By default, what permissions are granted to a newly-created CMK?
full access to the CMK