A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.
Which AWS service should the engineer use?
A. AWS Key Management Service (AWS KMS)
B. AWS Certificate Manager (ACM)
C. AWS CloudHSM
D. AWS Systems Manager
Explanation:
AWS CloudHSM is the correct choice because:
Single-tenant solution: AWS CloudHSM provides dedicated Hardware Security Module (HSM) instances that are single-tenant, meaning you get exclusive access to the hardware.
Full key control: You have complete control over your cryptographic keys; you generate, manage, and control the keys yourself.
Regulatory compliance: Meets strict regulatory requirements such as FIPS 140-2 Level 3 compliance, which is often required for financial, healthcare, and government applications.
Customer-managed keys: Unlike AWS KMS, which is a multi-tenant service, CloudHSM gives you full ownership and control of your keys.
Why not the other options:
AWS KMS: A multi-tenant service where AWS manages the underlying infrastructure.
AWS Certificate Manager: Used for provisioning and managing SSL/TLS certificates, not for cryptographic key management.
AWS Systems Manager: A configuration management service, not designed for cryptographic key management.
CloudHSM is specifically designed for organizations that need dedicated hardware security modules to meet compliance requirements while maintaining full control over their cryptographic keys.