Answer-first summary for fast verification
Answer: AWS CloudHSM
## Explanation **AWS CloudHSM** is the correct choice because: - **Single-tenant solution**: AWS CloudHSM provides dedicated Hardware Security Module (HSM) instances that are single-tenant, meaning you get exclusive access to the hardware - **Full key control**: You have complete control over your cryptographic keys - you generate, manage, and control the keys yourself - **Regulatory compliance**: Meets strict regulatory requirements such as FIPS 140-2 Level 3 compliance, which is often required for financial, healthcare, and government applications - **Customer-managed keys**: Unlike AWS KMS which is a multi-tenant service, CloudHSM gives you full ownership and control of your keys **Why not the other options:** - **AWS KMS**: Multi-tenant service where AWS manages the underlying infrastructure - **AWS Certificate Manager**: Used for SSL/TLS certificates, not cryptographic key management - **AWS Systems Manager**: Configuration management service, not designed for cryptographic key management CloudHSM is specifically designed for organizations that need dedicated hardware security modules to meet compliance requirements while maintaining full control over their cryptographic keys.
Author: Ritesh Yadav
Ultimate access to all questions.
A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.
Which AWS service should the engineer use?
A
AWS Key Management Service (AWS KMS)
B
AWS Certificate Manager (ACM)
C
AWS CloudHSM
D
AWS Systems Manager
No comments yet.