Practice Test

True/False: Amazon Redshift supports S3 server-side encryption using an Amazon S3-managed key or a KMS key?

  • True
  • False

Answer: True

Explanation: Amazon Redshift allows users to load data encrypted with the server-side encryption option in S3 using either S3-managed keys or AWS KMS managed keys for added security.

What is the data encryption method used by Amazon EMR at rest?

  • a) EMR File System (EMRFS)
  • b) Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
  • c) Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
  • d) All of the above

Answer: d) All of the above

Explanation: Amazon EMR uses all the three methods for data encryption at rest. User can choose the option best for their use case.

True/False: AWS Glue doesn’t support encryption at rest?

  • True
  • False

Answer: False

Explanation: AWS Glue supports encryption at rest using keys that you manage through AWS Key Management Service (AWS KMS).

Which AWS analytics service allows you to manage your own encryption keys via AWS KMS?

  • a) Amazon EMR
  • b) Amazon Redshift
  • c) AWS Glue
  • d) All of the above

Answer: d) All of the above

Explanation: All the mentioned AWS analytics services allow you to manage your own encryption keys for encrypting data via AWS Key Management Service (AWS KMS).

True/False: In AWS Glue, the metadata stored in the Glue Data Catalog is encrypted by default.

  • True
  • False

Answer: True

Explanation: By default, metadata stored in the AWS Glue Data Catalog is encrypted.

Can we enforce encryption for Amazon EMR clusters using any AWS service or feature?

  • a) AWS Shield
  • b) Security Groups
  • c) AWS Certificate Manager
  • d) Security Configuration

Answer: d) Security Configuration

Explanation: Security configurations are used in Amazon EMR to specify settings for encryption, Kerberos, Amazon EC2 instance profiles, and more.

What level of encryption does AWS Glue support?

  • a) SSL/TLS
  • b) Encryption at rest
  • c) Both A and B
  • d) None of the above

Answer: c) Both A and B

Explanation: AWS Glue supports both SSL/TLS for data in transit and encryption at rest for stored data.

True/False: Amazon Redshift does not support encryption at rest for cluster instances.

  • True
  • False

Answer: False

Explanation: Amazon Redshift supports encryption at rest for stored data on cluster instances, using hardware-accelerated Advanced Encryption Standard (AES-256).

Which AWS analytics service supports SSL encryption for data in transit?

  • a) Amazon EMR
  • b) Amazon Redshift
  • c) AWS Glue
  • d) All of the above

Answer: d) All of the above

Explanation: All mentioned AWS analytics services support SSL/TLS encryption to secure data in transit.

True/False: It is necessary to turn on encryption in AWS Glue while dealing with sensitive data.

  • True
  • False

Answer: True

Explanation: For sensitive data, it’s recommended to use encryption at rest and Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for data in transit. AWS Glue supports both.

Interview Questions

Does Amazon Redshift support data encryption?

Yes, Amazon Redshift supports data encryption for defined clusters using hardware-accelerated AES-256 and AWS Key Management Service (KMS).

Can data be encrypted at rest in Amazon EMR?

Yes, data at rest within Amazon EMR can be encrypted using various methods including AWS KMS and Amazon S3 server-side encryption.

What is the role of AWS Glue in data encryption?

AWS Glue supports encryption of the metadata stored in the Glue Data Catalog and the data stored in S3. It also supports both AWS managed keys and customer managed keys.

Is it possible to encrypt data in transit with Amazon Redshift?

Yes, SSL is used by Amazon Redshift to secure data when it is in transit.

Does Amazon EMR support encryption in transit?

Yes, Amazon EMR supports encryption in transit. It uses Transport Layer Security (TLS) to encrypt data transmitted between nodes in a cluster.

How does AWS Key Management service work with Amazon Redshift for data encryption?

AWS Key Management Service (KMS) is used to manage keys for encrypted database storage in Amazon Redshift cluster. While creating an encrypted Amazon Redshift cluster, you can either choose a default AWS managed key or specify a customer-managed key.

Can I encrypt the data stored in AWS Glue Data Catalog?

Yes, encryption for metadata stored in the AWS Glue Data Catalog is enabled by default. AWS KMS keys are used for this encryption.

What types of encryption keys for data-at-rest does Amazon Redshift support?

Amazon Redshift supports AWS managed keys and AWS KMS customer master keys (CMKs) for data-at-rest encryption.

Is there a default method for data encryption in Amazon EMR?

Amazon EMR encryption is not enabled by default. It supports several methods for data encryption, and the user must choose the one to employ.

Does Amazon Redshift allow encryption for snapshots and backups?

Yes, if a Redshift cluster is configured for encryption, all data on the disk, backups, and snapshots will be encrypted.

What key management options does Amazon EMR offer for data encryption?

Amazon EMR offers the choice of using AWS Key Management Service, a custom key management server, or a local disk hardware encryption controller.

How does AWS Glue handle encryption in transit?

AWS Glue uses secure connections such as SSL/TLS to ensure data is encrypted in transit.

Can you use a customer supplied encryption key in Amazon Redshift?

Yes, a customer-managed key can be used in Amazon Redshift when configuring encryption for a cluster.

Does Amazon EMR maintain encrypted data in memory?

No, Amazon EMR only provides data encryption at rest and in transit; it does not maintain encrypted data in memory.

Can users control the keys used for AWS Glue encryption?

Yes, users can use AWS KMS to create and manage their own keys, affording them more control over security.

Leave a Reply

Your email address will not be published. Required fields are marked *