Back to AWS KMS

Customer Master Key

5 minutes 5 Questions

A Customer Master Key (CMK) is a logical representation of a master key in AWS KMS. It can be used to encrypt and decrypt data, as well as to generate and manage data keys. CMKs can be created either by the AWS KMS service or by the customer themselves. When a customer creates a CMK, they have full…

Test mode:
Start practice test
AWS Certified Solutions Architect - Customer Master Key Example Questions

Test your knowledge of Customer Master Key

Question 1

You have AWS CloudTrail enabled in your AWS account to log all usage of the Customer Master Keys in AWS KMS. What information should you expect to find in the CloudTrail logs?

Correct Answer: API calls/events containing metadata about the key usage

AWS CloudTrail logs API calls/events pertaining to various AWS services, including AWS KMS. The logs will contain metadata about the key usage, such as who used the key, for what purpose, and when. CloudTrail, however, will not log actual key material, encrypted data or any unrelated aspects like IAM permissions or policies.

Question 2

You're using AWS KMS to manage Customer Master Keys (CMKs) for your application. However, only certain employees should be able to view, and manage the CMKs. Which AWS service should you use to restrict access to specific users?

Correct Answer: AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) allows you to create and manage users, groups, roles, and permissions in your AWS environment. With IAM, you can control who can access KMS, allowing only specific users to view, and manage your CMKs.

Question 3

You are dealing with sensitive financial data for your application. Given security and compliance requirements, it's crucial to encrypt the data before storing it on Amazon S3. Which of the following services would you use to create and manage the Customer Master Key (CMK) used for encrypting those objects?

Correct Answer: AWS Key Management Service (KMS)

AWS Key Management Service (KMS) provides an easy way to create, manage, and use cryptographic keys called Customer Master Keys (CMKs). These CMKs can be used with other AWS services like Amazon S3 that support integrating with KMS.

More Customer Master Key questions
15 questions (total)
Start 15 question test