Hard · 1 mark · Multiple Choice
Domain 1.3: Data Security · Security · CloudHSM · KMS

AWS SAA-C03 · Question 19 · Domain 1.3: Data Security

A company uses AWS KMS to manage encryption keys. They have a requirement that the cryptographic key material must be generated and stored in a single-tenant hardware security module (HSM) under their exclusive control. Which AWS service or feature should they use?

Answer options:

A. AWS KMS with AWS managed keys

B. AWS KMS with Customer Managed Keys (CMK)

C. AWS CloudHSM

D. AWS Secrets Manager

How to approach this question

Look for the key phrases 'single-tenant hardware security module' and 'exclusive control'. Together they point directly to CloudHSM.

Full Answer

C. AWS CloudHSM ✓ Correct
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud in a single-tenant environment.

Common mistakes

Thinking KMS provides single-tenant HSMs by default.
