AWS Cloud Practitioner Exam: Management of Encryption Keys in AWS Cloud

Manage Encryption Keys in AWS Cloud

Question

Which of the services given below can be used in the AWS cloud to manage encryption keys?

Answers

Explanations

A. B. C. D.

Answer: C.

CloudHSM (HSM stands for Hardware Security Module) helps in the management of encryption keys.

CloudHSM is a standards-compliant, fully managed service.

Option A is INCORRECT.

Amazon Inspector helps improve the security and compliance adherence of the applications deployed on the AWS cloud.

Option B is INCORRECT.

Amazon Cognito is an AWS service for developers that simplifies user sign-up and sign-in for the mobile and web apps they build.

Option C is CORRECT.

Refer to the explanation above.

Option D is INCORRECT.

Amazon GuardDuty performs continuous monitoring to protect AWS accounts, S3 data, and workloads from malicious, unauthorized activity.

https://aws.amazon.com/inspector/
https://aws.amazon.com/cognito/
https://aws.amazon.com/cloudhsm/
https://aws.amazon.com/guardduty/

The correct answer for this question is C. CloudHSM.

CloudHSM (Hardware Security Module) is a service provided by AWS that helps in the management of encryption keys. It offers secure key storage and cryptographic operations within a dedicated hardware device. Customers can use CloudHSM to generate, store, and manage their own encryption keys for various AWS services and other applications.

CloudHSM uses FIPS 140-2 Level 3 validated HSMs and provides highly secure key storage, tamper-evident auditing, and access controls to customers. Customers can choose to have a single-tenant or multi-tenant HSM in their environment, depending on their security requirements.

Amazon Inspector is a security assessment service that helps in identifying security issues and vulnerabilities in applications running on AWS infrastructure. It does not provide any key management functionality.

Amazon Cognito is an identity management service that provides user authentication, authorization, and user management for web and mobile applications. It does not provide any key management functionality.

Amazon GuardDuty is a threat detection service that continuously monitors AWS infrastructure for malicious activity and unauthorized behavior. It does not provide any key management functionality.

In summary, CloudHSM is the AWS service that can be used for the management of encryption keys in the cloud.