Practice Test
True or False: Encryption helps in securing your data when it’s being transmitted over networks.
- True
- False
Answer: True
Explanation: Encryption ensures that the data is unreadable by unauthorized users while being transmitted over networks. Thus, it adds a layer of security to the data.
Which of the following are common types of encryption? (Multiple Select)
- A. Symmetric encryption
- B. Asymmetric encryption
- C. Transparent encryption
- D. Score encryption
Answer: A, B
Explanation: Symmetric and asymmetric encryption are two common types of encryption. Symmetric encryption uses the same key for both encryption and decryption whereas asymmetric uses different keys for encryption and decryption.
True or False: AWS Key Management Service (KMS) supports both types of encryption.
- True
- False
Answer: True
Explanation: AWS KMS is a managed service that makes it easy for you to create and control the cryptographic keys used to encrypt your data and supports both symmetric and asymmetric encryption.
Which AWS service enables you to rotate, define, and manage keys?
- A. AWS Shield
- B. AWS Key Management Service (KMS)
- C. AWS Identity Access Management (IAM)
- D. AWS CloudFront
Answer: B
Explanation: AWS KMS is a service that allows you to easily rotate, define, and manage keys used for data encryption.
Single Select: How many primary components does AWS KMS include?
- A. Two
- B. Three
- C. Four
- D. Five
Answer: B
Explanation: AWS KMS includes three primary components: customer master keys (CMKs), data keys and the cryptographic operations.
True or False: In Symmetric encryption, a single key is needed for both encryption and decryption.
- True
- False
Answer: True
Explanation: In symmetric encryption, the same key is utilized for both the encryption of plaintext and the decryption of ciphertext.
Using AWS services, who can manage keys used to decrypt the data?
- A. Only AWS
- B. Only Customer
- C. Both AWS and the Customer
- D. Nobody
Answer: C
Explanation: AWS provides services where either AWS can manage keys or customers can manage keys, or a combination of both.
True or False: AWS KMS provides automatic key rotation.
- True
- False
Answer: True
Explanation: AWS KMS provides the option to rotate keys every year. This is an important feature to protect data.
Which AWS service allows you to manage permissions to your keys?
- A. AWS Identity Access Management (IAM)
- B. AWS Security Token Service (STS)
- C. AWS Organizations
- D. AWS Macie
Answer: A
Explanation: IAM enables you to manage access to AWS services and resources securely, including permissions to keys.
Single Select: The expiration of a master key in AWS KMS impacts the data keys derived from it.
- A. True
- B. False
Answer: B
Explanation: The expiration of a CMK in AWS KMS does not impact data keys derived from it. The data keys can still be used to decrypt data they encrypted even after the CMK is expired.
True or False: It is good practice to share your encryption keys with your partner companies for easier data sharing.
- True
- False
Answer: False
Explanation: Sharing encryption keys is a security risk and is not recommended. It can lead to unauthorized access of data. The data should rather be decrypted before sharing or a secure mechanism for sharing encrypted data should be established.
Interview Questions
What is the main function of AWS Key Management Service (KMS)?
AWS Key Management Service (KMS) is primarily used to create and manage cryptographic keys, centralizing their control across a wide range of AWS services and applications.
What is the significance of AWS CloudHSM service?
AWS CloudHSM service provides hardware security modules in the AWS Cloud. It is used to manage cryptographic keys and protect the keys in hardware.
What are the commonly used AWS services that integrate with AWS KMS?
The commonly used AWS services that integrate with AWS KMS include Amazon S3, Amazon EBS, Amazon RDS, Amazon Redshift, Amazon DynamoDB, AWS Elastic Beanstalk, etc.
What is an AWS KMS customer master key (CMK)?
A Customer Master Key (CMK) in AWS KMS is a logical representation of a master key that is either created within KMS for you or is imported from your existing key management infrastructure.
How secure is the data which is encrypted using KMS?
Data encrypted using AWS KMS is quite secure as the plaintext key material is never written to disk and is only used in volatile memory of the KMS HSMs.
Which encryption algorithm is used by AWS KMS?
AWS KMS uses the AES-256 (Advanced Encryption Standard) encryption algorithm.
Can you specify the AWS resources and designate who can use them with which permissions in AWS Key Management Service?
Yes, AWS Key Management Service allows you to establish policies specifying the AWS resources and designate who can use them and with what permissions.
What type of encryption keys does AWS KMS Support?
AWS KMS supports symmetric and asymmetric keys. Symmetric keys are the same for encryption and decryption, while asymmetric keys have a public key for encryption and a separate private key for decryption.
How many types of CMKs does AWS KMS provide?
There are four types of CMKs that AWS KMS provides: AWS managed CMKs, Customer managed CMKs, AWS owned CMKs and Custom key store CMKs.
Can you share CMKs across AWS accounts?
Yes, AWS allows you to share the customer-managed CMKs across AWS accounts.
Can you delete a customer-managed CMK?
Yes, customer-managed CMK can be deleted. However, AWS does not directly delete a CMK. Instead, AWS removes all permissions to the key, and the key is scheduled for deletion.
Is the data encrypted using the KMS stored in AWS?
No, the data encrypted with AWS KMS keys stays within the service where you established encryption. KMS only stores the keys.
How many CMK’s per account per region are allowed in AWS KMS?
AWS KMS supports up to 1000 CMKs per account, per region.
How is AWS KMS protecting the security of your keys?
AWS KMS is designed so that no one, including AWS employees, can retrieve your plaintext keys. It uses FIPS 140-2 validated HSMs to protect the confidentiality and integrity of your keys.
Can you rotate the AWS KMS keys?
Yes, AWS KMS provides automatic key rotation for customer managed CMK’s every year. For AWS managed CMK’s, AWS automatically rotates keys every three years.
extutorials.com