Easy · 1 mark · Multiple Choice
Domain 1.3: Data Security · Security · CloudHSM · KMS · Encryption

AWS SAA-C03 · Question 16 · Domain 1.3: Data Security

A company is using AWS Key Management Service (AWS KMS) to manage encryption keys. The security policy requires that all cryptographic material be generated and stored in a single-tenant hardware appliance that is under the company's exclusive control.

Which AWS service should the company use?

Answer options:

A. AWS KMS with Customer Managed Keys

B. AWS CloudHSM

C. AWS Secrets Manager

D. AWS KMS Custom Key Store

How to approach this question

Look for the keywords 'single-tenant hardware appliance'. This always points to CloudHSM.

Full Answer

B. AWS CloudHSM ✓ Correct
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. It provides a single-tenant, dedicated appliance under your exclusive control.

Common mistakes

Assuming KMS provides single-tenant hardware.
