A financial company requires that all EBS volumes, S3 buckets, and RDS databases be encrypted using customer-managed keys. The company has a strict requirement that the cryptographic material must be generated and stored in a single-tenant hardware appliance under their exclusive control. Which AWS service should the architect use?

Answer options:

AWS KMS with AWS managed keys

AWS KMS with imported key material

AWS CloudHSM

AWS Secrets Manager

How to approach this question

Identify the service that provides single-tenant hardware security modules.

Full Answer

C.AWS CloudHSM✓ Correct

AWS CloudHSM provides a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud in a single-tenant appliance.

Common mistakes

Choosing KMS with imported material, missing the 'single-tenant hardware' requirement.

Question 03 All questions Question 05

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 7

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise is designing a multi-region network architecture connecting 50 AWS accounts a...Hard Q02A company is migrating its hybrid network to AWS. They have two 10 Gbps AWS Direct Connect connec...Hard Q03An enterprise has 100 AWS accounts in AWS Organizations. The security team mandates that all Amaz...Medium Q05An enterprise is designing a disaster recovery strategy for a critical application running on Ama...Hard Q06A company is setting up a multi-account AWS environment using AWS Control Tower. They need to ens...Medium

View all 75 questions →