A company has an on-premise asymmetric key management service.
They want to implement a new key management service in AWS.
One key requirement is that the hardware security modules (HSMs) in the AWS Cloud are managed by the company.
How can you achieve this?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
With CloudHSM, you can operate your own HSMs for creating and controlling the encryption keys.
Option A is incorrect because AWS Artifact provides on-demand access to AWS security and compliance reports.
Option C is incorrect because with this service the company cannot manage its own HSMs.
Option D is incorrect because it is not a managed service for KMS.
For more information on AWS CloudHSM, please refer to the below URL-
https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.htmlThe correct answer to this question is B. Use AWS CloudHSM.
AWS CloudHSM is a hardware security module (HSM) service that provides secure key storage and cryptographic operations within the AWS Cloud. It is a dedicated hardware appliance that provides FIPS 140-2 Level 3 validated hardware security modules in the AWS Cloud. With CloudHSM, you can generate and use your own encryption keys in a secure manner, and you can control access to the HSMs.
Using AWS CloudHSM, the company can manage the HSMs in the AWS Cloud, providing the same level of control as they have with their on-premise asymmetric key management service. The company can use CloudHSM to securely generate and store cryptographic keys, perform cryptographic operations, and manage key access policies.
Option A, using AWS Artifact, is a service that provides on-demand access to AWS compliance reports and other documents. It is not related to key management or HSMs.
Option C, using AWS Secrets Manager, is a service that helps you protect secrets used by your applications. It provides a secure and scalable solution for storing and retrieving secrets, such as database passwords and API keys. While AWS Secrets Manager supports encryption, it is not a key management service that provides hardware security modules.
Option D, creating an EC2 instance to provision HSMs, is not a recommended solution for key management. Provisioning HSMs on EC2 instances may not provide the same level of security as CloudHSM. Additionally, managing and maintaining the HSMs on EC2 instances can be complex and time-consuming.