From the course: AWS Certified Security - Specialty (SCS-C03) Cert Prep


Data and Application Protection Exam Cram

Welcome to the Data and Application Protection exam cram. You can create and manage symmetric and asymmetric encryption keys with KMS, and they're protected by Hardware Security Modules, HSMs. KMS keys used to be known as Customer Master Keys, or CMKs, and that terminology could still be used in various places, including the exam. KMS keys can only encrypt data up to four kilobytes in size. For anything larger, you need to create data encryption keys. AWS-managed KMS keys are created, managed, and used on your behalf by an AWS service that's integrated with KMS. You can't manage these keys, rotate them, or change their key policies. Automatic rotation of KMS keys generates new key material every year. It's optional for customer-managed keys and supported for symmetric keys with key material that AWS KMS creates. You can't use automatic rotation in the following situations: if you're using asymmetric KMS keys, you have KMS keys in custom key stores like CloudHSM, or you're using KMS…