A company is developing a highly resilient application to be hosted on multiple Amazon EC2 instances. The application will store highly sensitive user data in Amazon RDS tables. The application must: Include migration to a different AWS Region in the application disaster recovery plan. Provide a full audit trail of encryption key administration events. Allow only company administrators to administer keys. Protect data at rest using application layer encryption. A Security Engineer is evaluating options for encryption key management. Why should the Security Engineer choose AWS CloudHSM over AWS KMS for encryption key management in this situation?
A) The key administration event logging generated by CloudHSM is significantly more extensive than AWS KMS.
B) CloudHSM ensures that only company support staff can administer encryption keys, whereas AWS KMS allows AWS staff to administer keys.
C) The ciphertext producer by CloudHSM provides more robust protection against brute force decryption attacks than the ciphertext produced by AWS KMS.
D) CloudHSM provides the ability to copy keys to a different Region, whereas AWS KMS does not.
Correct Answer:
Verified
Q76: A company uses identity federation to authenticate
Q77: A Security Engineer is implementing a solution
Q78: To meet regulatory requirements, a Security Engineer
Q79: A company's security policy requires that VPC
Q80: An AWS Lambda function was misused to
Q82: A recent security audit found that AWS
Q83: A company is operating an open-source software
Q84: A company is migrating its legacy workloads
Q85: For compliance reasons, a Security Engineer must
Q86: A company has an encrypted Amazon S3
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents