Exam ANS-C00 topic 1 question 33 discussion

"When you create an AWS CloudHSM cluster with more than one HSM, you automatically get load balancing." Ref: https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html#cluster-high-availability-load-balancing

AS far as I know Cloud HSM balances the requests by itself, so the right answer should be "B". Am I wrong? Why?

Correct Answer B

B. AWS CloudHSM is a cryptographic service for creating and maintaining hardware security modules (HSMs) in your AWS environment. HSMs are computing devices that process cryptographic operations and provide secure storage for cryptographic keys. You can use AWS CloudHSM to offload SSL/TLS processing for web servers, protect private keys linked to an issuing certificate authority (CA). AWS CloudHSM organizes HSMs in clusters, which are automatically synchronized collections of HSMs within a given Availability Zone (AZ). By adding more HSMs to a cluster and distributing clusters across AZs, you can load balance the cryptographic operations being performed within your cloud environment and provide redundancy and high availability in case of AZ failure. Additionally, AWS CloudHSM periodically generates and stores backups of your clusters, making CloudHSM data recovery secure and simple. Ref: https://docs.aws.amazon.com/crypto/latest/userguide/awscryp-service-hsm.html

When you create an AWS CloudHSM cluster with more than one HSM, you automatically get load balancing. Load balancing means that the AWS CloudHSM client distributes cryptographic operations across all HSMs in the cluster based on each HSM's capacity for additional processing. When you create the HSMs in different AWS Availability Zones, you automatically get high availability. High availability means that you get higher reliability because no individual HSM is a single point of failure. We recommend that you have a minimum of two HSMs in each cluster, with each HSM in different Availability Zones within an AWS Region.

B is Correct like @ohcan & @dpvnme states

B is Correct.

It is indeed B based on the information on the link below which says "Load balancing means that the AWS CloudHSM client distributes cryptographic operations across all HSMs in the cluster based on each HSM's capacity for additional processing" https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html

I believe the answer is still "B" as The network load-balancer seems intended for the Web Servers and not the CloudHSM. (Optional) Step 5: Add a Load Balancer with Elastic Load Balancing After you set up SSL/TLS offload with one web server, you can create more web servers and an Elastic Load Balancing load balancer that routes HTTPS traffic to the web servers. A load balancer can reduce the load on your individual web servers by balancing traffic across two or more servers. It can also increase the availability of your website because the load balancer monitors the health of your web servers and only routes traffic to healthy servers. If a web server fails, the load balancer automatically stops routing traffic to it.

https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-add-load-balancing.html answer is A according to this link

agree its B

Then, is B correct?

The Cloud HSM balances the requests. True. The network load balancer is for the network traffic. I do not see anywhere that indicates Cloud HSM does network load balancing.