AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.

Which AWS service should the engineer use?

Real Exam

Community

RRitesh

AWS Key Management Service (AWS KMS)

AWS Certificate Manager (ACM)

AWS CloudHSM

AWS Systems Manager

Explanation:

Explanation

AWS CloudHSM is the correct choice because:

Single-tenant solution: AWS CloudHSM provides dedicated Hardware Security Module (HSM) instances that are single-tenant, meaning you get exclusive access to the hardware
Full key control: You have complete control over your cryptographic keys - you generate, manage, and control the keys yourself
Regulatory compliance: Meets strict regulatory requirements such as FIPS 140-2 Level 3 compliance, which is often required for financial, healthcare, and government applications
Customer-managed keys: Unlike AWS KMS which is a multi-tenant service, CloudHSM gives you full ownership and control of your keys

Why not the other options:

AWS KMS: Multi-tenant service where AWS manages the underlying infrastructure
AWS Certificate Manager: Used for SSL/TLS certificates, not cryptographic key management
AWS Systems Manager: Configuration management service, not designed for cryptographic key management

CloudHSM is specifically designed for organizations that need dedicated hardware security modules to meet compliance requirements while maintaining full control over their cryptographic keys.

Powered ByGemini-3 Flash

Comments

Loading comments...