Easy · 1 mark · Multiple Choice
Domain 1.2: Security Controls · Security · Encryption · CloudHSM

AWS SAP-C02 · Question 04 · Domain 1.2: Security Controls

A financial company requires that all EBS volumes, S3 buckets, and RDS databases be encrypted using customer-managed keys. The company has a strict requirement that the cryptographic material must be generated and stored in a single-tenant hardware appliance under their exclusive control. Which AWS service should the architect use?

Answer options:

A. AWS KMS with AWS managed keys

B. AWS KMS with imported key material

C. AWS CloudHSM

D. AWS Secrets Manager

How to approach this question

Identify the service that provides single-tenant hardware security modules.

Full Answer

C. AWS CloudHSM ✓ Correct
AWS CloudHSM provides a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud in a single-tenant appliance.

Common mistakes

Choosing KMS with imported material, missing the 'single-tenant hardware' requirement.
