-
Notifications
You must be signed in to change notification settings - Fork 25
5.q
1) Which CLI command do you run to determine whether a key is AWS managed or Customer managed?
A. aws kms describe-keys
B. aws kms list-keys
C. aws kms list-aliases
D. aws kmsapi describe-keys
2) Which CloudFormation AWS::KMS::Key property do you use to automatically rotate a KMS key?
A. EnableKeyRotation: true
B. AutoKeyRotation: true
C. RotateKey: true
D. EnableAutoRotation: true
3) What is the name of AWS managed key when encrypting a DynamoDB database in CloudFormation?
A. KMSMasterKeyId: dynamodb
B. KMSMasterKeyId: aws/dynamodb
C. KMSMasterKeyId: alias/aws/dynamodb
D. MasterKeyId: alias/aws/dynamodb
4) Is it possible to change the existing encryption key of an already encrypted RDS database instance?
A. Yes.
B. No.
C. Yes, but only if the Modification Policy is set to true.
- Introduction
- Labs
- The Current State of Encryption
- Setup Development Environment
- Lesson 1: Automating AWS Resources
- Lesson 2: Key Management
- Lesson 3: Developing with Encryption
- Lesson 4: Encryption in Transit
- Lesson 5: Encryption at Rest
- Lesson 6: Detecting Encrypted Resources
- Lesson 7: Logging and Searching KMS Keys
- Lesson 8: Continuous Encryption
- Summary