Exam AWS-SysOps topic 1 question 771 discussion

A - the questions is asking to Store keys.

AWS CloudHSM (Hardware Security Module) is a dedicated hardware appliance that provides secure key storage and cryptographic operations. It offers a secure and tamper-resistant environment for generating and storing private keys, and performs cryptographic operations such as signing and decryption. CloudHSM ensures the private keys remain within a secure hardware device, providing an additional layer of protection against unauthorized access.

Answer => A => HSM. The Question here is that the company needs to handle cryptographic operations and store keys manually, whereas kms does it automatically by AWS

answer is A

A--- https://docs.aws.amazon.com/crypto/latest/userguide/awscryp-service-hsm.html Generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs.

A. AWS CloudHSM

Answer is A

Google the line in question "store the private keys and perform cryptographic signing operations in a secure environment" and the first thing you get is CloudHSM - https://docs.aws.amazon.com/crypto/latest/userguide/awscryp-service-hsm.html So my take is A considering all the facts

A is correct. the company is concerned about Key storage and SSL Acceleration / precessing in a secure environment. all of these points to Cloud HSM https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload.html

I'll go with A

other doc: https://docs.aws.amazon.com/cloudhsm/latest/userguide/ssl-offload-import-or-generate-private-key-and-certificate.html Import an Existing Private Key You might already have a private key and a corresponding SSL/TLS certificate that you use for HTTPS on your web server. If so, you can import that key into an HSM by doing the following: To import an existing private key into an HSM 1. Connect to your Amazon EC2 client instance. If necessary, copy your existing private key and certificate to the instance. 2. Run the following command to start the AWS CloudHSM client.

"store the private keys" = A. AWS CloudHSM

The correct answer is A https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html#certificate-authority

Ans A :- https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html#certificate-authority

Answer A. ACM will be in use only when we are integrating SSL with ELb, S3, CloudFront. Still we can encrypt imported private key because AWS do not play with the security. Cloud HsM: this will be utilized in general like based on the question asked and it well suited.

A https://docs.aws.amazon.com/cloudhsm/latest/userguide/use-cases.html#certificate-authority

Answer selected is correct. Use ACM. ACM will store key in KMS for you https://docs.aws.amazon.com/acm/latest/userguide/data-protection.html