Exam AWS-SysOps topic 1 question 789 discussion

Exam question from Amazon's AWS-SysOps
Question #: 789
Topic #: 1

A company needs to migrate an on-premises asymmetric key management system into AWS.
Which AWS service should be used to accomplish this?

  • A. AWS Certificate Manager
  • B. AWS CloudHSM
  • C. AWS KMS
  • D. AWS Secrets Manager
Suggested Answer: B
Reference:
https://aws.amazon.com/blogs/security/how-to-byok-bring-your-own-key-to-aws-kms-for-less-than-15-00-a-year-using-aws-cloudhsm/

Comments

proxyolism
Highly Voted 2 years, 7 months ago
I searched for each of KMS and CloudHSM and I found the same link that dll4835 mentioned. Q: Can I bring my own keys to AWS KMS? Yes. You can import a copy of your key from your own key management infrastructure to AWS KMS and use it with any integrated AWS service or from within your own applications. You cannot import asymmetric CMKs into AWS KMS. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html This question requires such narrow knowledge. As said above, KMS can import keys, except asymmetric CMKs. When you use an HSM from AWS CloudHSM, you can perform a variety of cryptographic tasks: Generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs. https://docs.aws.amazon.com/crypto/latest/userguide/awscryp-service-hsm.html You can import asymmetric CMKs by using CloudHSM. So the answer is B.
upvoted 10 times
joe_smoe
2 years, 6 months ago
@proxyolism - I agree with B, I say this because you are IMPORTING your key from your on-premise infrastructure to AWS. Any thoughts?
upvoted 2 times
...
tifoz
2 years, 7 months ago
But now AWS KMS also supports asymmetric keys: https://aws.amazon.com/about-aws/whats-new/2019/11/aws-key-management-service-supports-asymmetric-keys/
upvoted 2 times
srle
2 years, 6 months ago
It supports CREATING customer managed keys, NOT importing, so the answer is B, using CloudHSM.
upvoted 1 times
...
gilbertlelancelo
2 years, 7 months ago
Really? We have to know if this update is considered in the exam. I also see that asymmetric keys support is not supported by all AWS regions.
upvoted 1 times
gilbertlelancelo
2 years, 7 months ago
*KMS asymmetric keys are not supported by all AWS regions
upvoted 1 times
...
...
...
...
dll4835
Highly Voted 2 years, 7 months ago
B. You cannot import asymmetric CMKs into AWS KMS https://aws.amazon.com/kms/faqs/
upvoted 8 times
AWS1212
2 years, 7 months ago
There seems to be conflicting information. The FAQs do indeed state that KMS does not support asymmetric keys, but this link says that KMS now does. https://aws.amazon.com/about-aws/whats-new/2019/11/aws-key-management-service-supports-asymmetric-keys/
upvoted 1 times
boboloboli
2 years, 6 months ago
Your link says that it supports creating asymmetric keys, but KMS still does not allow for IMPORTING asymmetric keys. https://aws.amazon.com/kms/features/
upvoted 1 times
Huy
2 years, 6 months ago
Importing key material and use as asymmetric key.
upvoted 1 times
Huy
2 years, 6 months ago
Sorry, it is symmetric key. B is correct.
upvoted 1 times
...
...
...
...
...
albert_kuo
Most Recent 9 months, 2 weeks ago
Selected Answer: B
AWS CloudHSM is a service that provides hardware security modules in the AWS Cloud. It allows you to generate, store, and manage cryptographic keys securely and perform cryptographic operations in a dedicated hardware device. CloudHSM is designed to offer high-security key storage and cryptographic operations, making it suitable for applications with stringent security and compliance requirements.
upvoted 1 times
...
69657
2 years, 3 months ago
B seems to be the answer here. Q: Can I bring my own keys to AWS KMS? Yes. You can import a copy of your key from your own key management infrastructure to AWS KMS and use it with any integrated AWS service or from within your own applications. You cannot import asymmetric KMS keys into AWS KMS. https://aws.amazon.com/kms/faqs/
upvoted 1 times
...
saki0915
2 years, 6 months ago
B. KMS supported asymmetric keys in October 2019. Therefore, HSM is the correct answer in the current exam.
upvoted 3 times
...
abhishek_m_86
2 years, 6 months ago
C : AWS KMS : Seems correct
upvoted 1 times
billcayman
2 years, 6 months ago
Read the documentation before posting an answer here. Answer B.
upvoted 1 times
...
...
BKhan
2 years, 6 months ago
The answer is B: AWS KMS only supports symmetric keys, whereas AWS CloudHSM supports both symmetric and asymmetric.
upvoted 1 times
...
jackdryan
2 years, 6 months ago
I'll go with B
upvoted 1 times
...
PartlyCloudy
2 years, 6 months ago
CloudHSM, not KMS, because imported key material is supported only for symmetric CMKs in AWS KMS key stores. It is not supported on asymmetric CMKs or CMKs in custom key stores. https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
upvoted 1 times
...
Jimmy5
2 years, 7 months ago
I have a feeling this was an old question from before AWS KMS was able to support asymmetric keys. Which is why I would still choose B.
upvoted 5 times
...
rewiga
2 years, 7 months ago
This is a confusing question. From the link provided, I found this quote. "CloudHSM offers HSMs that are under your control, in your virtual private cloud (VPC). You can spin up an HSM device, create your key material, export it, import it into AWS KMS for use, "
upvoted 1 times
...
suba1234
2 years, 7 months ago
Should be B
upvoted 8 times
...
AWS_Noob
2 years, 7 months ago
C is correct
upvoted 2 times
...
nicat
2 years, 7 months ago
C. AWS KMS https://aws.amazon.com/about-aws/whats-new/2019/11/aws-key-management-service-supports-asymmetric-keys/
upvoted 4 times
proxyolism
2 years, 7 months ago
I agree with what jaribu said. The link says create and use asymmetric CMKs only. There is no information on whether you can import asymmetric CMKs or not. This question is asking about migrating asymmetric CMKs, not creating and using them.
upvoted 1 times
...
jaribu
2 years, 7 months ago
With KMS you can do the following: create keys; view; edit; tag; enable and disable; download. But you cannot import your keys. In CloudHSM you can do so.
upvoted 2 times
...
Golddust
2 years, 7 months ago
I didn't know it was now supported. Thanks for raising it. Curious which one should be used then between CloudHSM and KMS, since they don't mention single/multi tenancy?
upvoted 1 times
...
AWSvad
2 years, 7 months ago
Isn't CloudHSM a more suitable answer? KMS has traditionally only supported symmetric keys - and only began supporting asymmetric ones at the end of 2019.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other