ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 645 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 645
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company is required to use cryptographic keys in its on-premises key manager. The key manager is outside of the AWS Cloud because of regulatory and compliance requirements. The company wants to manage encryption and decryption by using cryptographic keys that are retained outside of the AWS Cloud and that support a variety of external key managers from different vendors.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use AWS CloudHSM key store backed by a CloudHSM cluster.
  • B. Use an AWS Key Management Service (AWS KMS) external key store backed by an external key manager.
  • C. Use the default AWS Key Management Service (AWS KMS) managed key store.
  • D. Use a custom key store backed by an AWS CloudHSM cluster.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by potomac at Nov. 7, 2023, 3:32 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pentium75
Highly Voted 1 year ago
Selected Answer: B
Keys are supposed to be managed "outside of the AWS cloud", thus A, C and D are out.
upvoted 7 times
...
potomac
Highly Voted 1 year, 1 month ago
Selected Answer: B
https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html
upvoted 5 times
...
evelynsun
Most Recent 1 year ago
Selected Answer: A
it's A. This solution is the LEAST operational overhead because it does not require the company to manage any infrastructure or software outside of the AWS Cloud. The AWS CloudHSM key store is managed by AWS, and the company can use it to store and manage its cryptographic keys without having to worry about the underlying infrastructure or software. The CloudHSM cluster is managed by AWS, and the company can use it to create and manage its cryptographic keys without having to worry about the hardware or software. the AWS CloudHSM key store can also be used for external key managers. The AWS CloudHSM key store is a managed key store that is backed by an AWS CloudHSM cluster. The AWS CloudHSM cluster is a managed service that is provided by AWS.
upvoted 1 times
pentium75
1 year ago
"The AWS CloudHSM key store is managed by AWS" which is exactly what this company does NOT want.
upvoted 6 times
...
...
evelynsun
1 year ago
it's A. This solution is the LEAST operational overhead because it does not require the company to manage any infrastructure or software outside of the AWS Cloud. The AWS CloudHSM key store is managed by AWS, and the company can use it to store and manage its cryptographic keys without having to worry about the underlying infrastructure or software. The CloudHSM cluster is managed by AWS, and the company can use it to create and manage its cryptographic keys without having to worry about the hardware or software. the AWS CloudHSM key store can also be used for external key managers. The AWS CloudHSM key store is a managed key store that is backed by an AWS CloudHSM cluster. The AWS CloudHSM cluster is a managed service that is provided by AWS.
upvoted 1 times
pentium75
1 year ago
"The AWS CloudHSM key store is managed by AWS" which is exactly what this company does NOT want.
upvoted 3 times
...
...
SHAAHIBHUSHANAWS
1 year ago
B https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html
upvoted 4 times
...
TariqKipkemei
1 year ago
Selected Answer: B
https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#:~:text=Document%20history-,External%20key%20stores,-PDF
upvoted 3 times
...
1rob
1 year, 1 month ago
Selected Answer: B
Answer A does not comply because aws cloudHSM is within aws Answer B is the correct answer because the company is required to use its on-premises key manager. Following https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html gives :An external key store is an AWS KMS custom key store backed by an external key manager outside of AWS that you own and control.(...) Answer C and D are both solutions in the aws cloud so that does not fit.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel