Answer-first summary for fast verification
Answer: KMS stores the CMK, and receives data from the clients, which it encrypts and sends back
A customer master key (CMK) is a logical representation of a master key. The CMK includes metadata, such as the key ID, creation date, description, and key state. The CMK also contains the key material used to encrypt and decrypt data. You can generate CMKs in KMS, in an AWS CloudHSM cluster, or import them from your key management infrastructure. AWS KMS supports symmetric and asymmetric CMKs. A symmetric CMK represents a 256-bit key that is used for encryption and decryption. An asymmetric CMK represents an RSA key pair that is used for encryption and decryption or signing and verification (but not both), or an elliptic curve (ECC) key pair that is used for signing and verification. AWS KMS supports three types of CMKs: customer-managed CMKs, AWS managed CMKs, and AWS owned CMKs.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In the context of AWS services, which of the following explanations most accurately describes the operation of Key Management Service (KMS) Encryption?
A
KMS sends the CMK to the client, which performs the encryption and then deletes the CMK
B
KMS generates a new CMK for each Encrypt call and encrypts the data with it
C
KMS stores the CMK, and receives data from the clients, which it encrypts and sends back
D
KMS receives CMK from the client at every Encrypt call, and encrypts the data with that
No comments yet.