AWS Certified Cloud Practitioner

Explanation

AWS CloudHSM is the correct choice because:

• Single-tenant solution: AWS CloudHSM provides dedicated Hardware Security Module (HSM) instances that are single-tenant, meaning you get exclusive access to the hardware
• Full key control: You have complete control over your cryptographic keys - you generate, manage, and control the keys yourself
• Regulatory compliance: Meets strict regulatory requirements such as FIPS 140-2 Level 3 compliance, which is often required for financial, healthcare, and government applications
• Customer-managed keys: Unlike AWS KMS which is a multi-tenant service, CloudHSM gives you full ownership and control of your keys

Why not the other options:

• AWS KMS: Multi-tenant service where AWS manages the underlying infrastructure
• AWS Certificate Manager: Used for SSL/TLS certificates, not cryptographic key management
• AWS Systems Manager: Configuration management service, not designed for cryptographic key management

CloudHSM is specifically designed for organizations that need dedicated hardware security modules to meet compliance requirements while maintaining full control over their cryptographic keys.