ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 88 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 88
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A Security Architect is evaluating managed solutions for storage of encryption keys. The requirements are:
-Storage is accessible by using only VPCs.
-Service has tamper-evident controls.
-Access logging is enabled.
-Storage has high availability.
Which of the following services meets these requirements?

  • A. Amazon S3 with default encryption
  • B. AWS CloudHSM
  • C. Amazon DynamoDB with server-side encryption
  • D. AWS Systems Manager Parameter Store
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Reference:
https://aws.amazon.com/blogs/aws/aws-cloud-hsm-secure-key-storage-and-cryptographic-operations/
by BillyC at Aug. 28, 2019, 12:59 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sanjaym
Highly Voted 3 years, 6 months ago
Ans: B
upvoted 6 times
...
Sirmeysam
Highly Voted 3 years, 7 months ago
The only reason that I thought that HSM is not correct was the high availability of it. CloudHSM is not highly available, right?
upvoted 5 times
dcasabona
2 years, 9 months ago
No, it is HA.
upvoted 2 times
...
Paagee
3 years, 6 months ago
"AWS CloudHSM automates time-consuming HSM administrative tasks for you, such as hardware provisioning, software patching, high availability, and backups. " This is AWS fully managed service with HA built in. AWS CloudHSM automatically load balances requests and securely duplicates keys stored in any HSM to all of the other HSMs in the cluster.
upvoted 2 times
...
Jack_London
3 years, 6 months ago
Yes, which is why this question makes little/no sense. To achieve HA for CloudHSM one must build a cluster. So strictly speaking, either the HA part of question is wrong, or the answer should be sth like "build a CloudHSM cluster" You can read it here: https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html#cluster-high-availability-load-balancing
upvoted 4 times
...
...
ITGURU51
Most Recent 1 year, 11 months ago
Tamper proof=HSM B
upvoted 1 times
...
sapien45
2 years, 8 months ago
Selected Answer: B
Secure key storage in tamper-resistant hardware available in multiple Availability Zones (AZs) Your HSMs are in your Virtual Private Cloud (VPC) and isolated from other AWS networks https://aws.amazon.com/cloudhsm/features/
upvoted 2 times
...
fais1985
3 years, 6 months ago
B Is correct, HSM is one of the service which has Tamper-evident control & its Secured by VPC , https://aws.amazon.com/cloudhsm/features/
upvoted 4 times
...
NANDY666
3 years, 6 months ago
B is Correct
upvoted 2 times
...
devjava
3 years, 6 months ago
Ans > B
upvoted 3 times
...
Mike_1
3 years, 6 months ago
B !!!!!!!!!!!!!
upvoted 1 times
...
AfricanCloudGuru
3 years, 6 months ago
Ans(B)
upvoted 1 times
...
Mike_1
3 years, 6 months ago
B is the answer https://aws.amazon.com/cloudhsm/
upvoted 1 times
...
kj07
3 years, 6 months ago
Answer: B With the first requirement, you can eliminate answers A, C, D.
upvoted 2 times
...
rdy4u
3 years, 7 months ago
HSM is short for Hardware Security Module. It is a piece of hardware — a dedicated appliance that provides secure key storage and a set of cryptographic operations within a tamper-resistant enclosure.
upvoted 2 times
...
RoyWeiss
3 years, 7 months ago
BBB bbbbbBBb
upvoted 1 times
...
RajeshNayyar
3 years, 7 months ago
B, temper propf
upvoted 1 times
...
RakeshTaninki
3 years, 7 months ago
B is correct
upvoted 1 times
...
newbie2019
3 years, 7 months ago
B. HSM is for your dedicated VPC (no multi-tenant).
upvoted 3 times
...
INASR
3 years, 7 months ago
B for sure , Cloud HSM is only available in a VPC
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago