Exam AWS Certified Security - Specialty topic 1 question 300 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 300
Topic #: 1

A company's application team needs to host a MySQL database on AWS. According to the company's security policy, all data that is stored on AWS must be encrypted at rest. In addition, all cryptographic material must be compliant with FIPS 140-2 Level 3 validation.
The application team needs a solution that satisfies the company's security requirements and minimizes operational overhead.
Which solution will meet these requirements?

  • A. Host the database on Amazon RDS. Use Amazon Elastic Block Store (Amazon EBS) for encryption. Use an AWS Key Management Service (AWS KMS) custom key store that is backed by AWS CloudHSM for key management.
  • B. Host the database on Amazon RDS. Use Amazon Elastic Block Store (Amazon EBS) for encryption. Use an AWS managed CMK in AWS Key Management Service (AWS KMS) for key management.
  • C. Host the database on an Amazon EC2 instance. Use Amazon Elastic Block Store (Amazon EBS) for encryption. Use a customer managed CMK in AWS Key Management Service (AWS KMS) for key management.
  • D. Host the database on an Amazon EC2 instance. Use Transparent Data Encryption (TDE) for encryption and key management.
Suggested Answer: A

Comments

Radhaghosh
Highly Voted 3 years, 2 months ago
CloudHSM --> FIPS 140-2 Level 3
KMS --> FIPS 140-2 Level 2
A is the only valid option.
upvoted 12 times
...
jamesf
Most Recent 7 months, 4 weeks ago
Selected Answer: B
For now, the answer is B.
Currently KMS supports FIPS 140-2 Level 3.
Keywords: minimizes operational overhead, so B is better.
upvoted 1 times
...
Raphaello
1 year, 2 months ago
Selected Answer: A
That's an old question. Now KMS uses HSMs that are FIPS 140-2 Level 3 compliant, same as CloudHSM. Therefore both A & B are correct now.
upvoted 2 times
...
yorkicurke
1 year, 3 months ago
Selected Answer: B
As of now
upvoted 3 times
61cfe5f
9 months ago
https://aws.amazon.com/blogs/security/aws-kms-now-fips-140-2-level-3-what-does-this-mean-for-you/
upvoted 1 times
...
...
lmimi
1 year, 5 months ago
Now AWS KMS supports FIPS 140-2 Level 3 as well. So B should be the right answer, since it minimizes operational overhead.
upvoted 3 times
...
Toptip
1 year, 10 months ago
Selected Answer: A
An easy one... FIPS 140-2 Level 3 = CloudHSM
upvoted 1 times
M2ao
1 year, 5 months ago
Now KMS is FIPS 140-2 Level 3. Does that change the answer to B? https://aws.amazon.com/kms/faqs/
upvoted 3 times
Maffo102
1 year, 5 months ago
Yeah, now B should be the right option.
upvoted 2 times
...
...
...
ITGURU51
1 year, 12 months ago
A is the best answer because CloudHSM minimizes operational overhead and satisfies the security requirement. (FIPS 140-2 Level 3 encryption)
upvoted 1 times
...
abeb
2 years, 3 months ago
Never heard that Amazon Elastic Block Store (Amazon EBS) is used for encryption!
upvoted 1 times
...
bazoch78
2 years, 3 months ago
Selected Answer: A
FIPS + RDS minimizes operational overhead
upvoted 1 times
...
D2
2 years, 4 months ago
Selected Answer: A
Answer A
upvoted 1 times
...
Sarksa
2 years, 8 months ago
Selected Answer: A
A is the valid answer due to FIPS = CloudHSM. Also, hosting a database anywhere other than RDS (in an AWS exam context) seems odd.
upvoted 1 times
...
dcasabona
2 years, 8 months ago
Selected Answer: A
Option A.
upvoted 1 times
...
sapien45
2 years, 9 months ago
Selected Answer: A
I am a simple man, I see FIPS 140-2 Level 3, I think CloudHSM
upvoted 4 times
...
TigerInTheCloud
3 years ago
Selected Answer: A
FIPS 140-2 Level 3 filtered out all other choices
upvoted 2 times
...
ceros399
3 years, 1 month ago
Selected Answer: A
A - Needs to be CloudHSM, which is the only one compliant with FIPS 140-2 Level 3
upvoted 3 times
...
LearnMeSomeAWS
3 years, 3 months ago
CloudHSM only option that meets the FIPS req. - therefore gotta be "A".
upvoted 3 times
...
roger8978
3 years, 3 months ago
A. You can store your KMS customer master keys (CMKs) in a custom key store instead of the standard KMS key store. Custom key stores are created using an AWS CloudHSM cluster that you own and manage. This provides direct control of the hardware security modules (HSMs) that generate the key material for your CMKs and perform cryptographic operations with them.
upvoted 3 times
...
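How the key-management choices in options A and B differ in what an auditor can observe, as an added example that is not part of the original thread: the script classifies the KMS key behind each encrypted RDS instance from its key metadata. The instance names, key ARNs and key store ID are constructed samples shaped like `DescribeDBInstances` and `DescribeKey` responses; no AWS call is made, and the required key type is a parameter because the thread disagrees on which one the policy demands.

```python
# Added example: constructed sample data, shaped like the AWS API responses.
ARN = "arn:aws:kms:us-east-1:111122223333:key/"

SAMPLE_DB_INSTANCES = [  # subset of rds DescribeDBInstances fields
    {"DBInstanceIdentifier": "orders-mysql", "StorageEncrypted": True,
     "KmsKeyId": ARN + "sample-hsm-key"},
    {"DBInstanceIdentifier": "reports-mysql", "StorageEncrypted": True,
     "KmsKeyId": ARN + "sample-aws-managed"},
    {"DBInstanceIdentifier": "legacy-mysql", "StorageEncrypted": False},
]

SAMPLE_KEY_METADATA = {  # subset of kms DescribeKey -> KeyMetadata fields
    ARN + "sample-hsm-key": {
        "KeyManager": "CUSTOMER", "Origin": "AWS_CLOUDHSM",
        "CustomKeyStoreId": "cks-sample0000000000"},
    ARN + "sample-aws-managed": {"KeyManager": "AWS", "Origin": "AWS_KMS"},
}

def classify_key(meta):
    """Map KeyMetadata to the kind of key store that holds the key material."""
    if meta is None:
        return "unknown-key"
    origin = meta.get("Origin")
    if origin == "AWS_CLOUDHSM" and meta.get("CustomKeyStoreId"):
        return "cloudhsm-custom-key-store"   # option A
    if origin == "EXTERNAL_KEY_STORE":
        return "external-key-store"
    if origin == "EXTERNAL":
        return "imported-key-material"
    if meta.get("KeyManager") == "AWS":
        return "aws-managed-key"             # option B
    return "customer-managed-kms-key"        # key type named in option C

def audit(instances, keys):
    """Return {instance name: key classification or 'unencrypted'}."""
    findings = {}
    for db in instances:
        name = db["DBInstanceIdentifier"]
        if not db.get("StorageEncrypted"):
            findings[name] = "unencrypted"
        else:
            findings[name] = classify_key(keys.get(db.get("KmsKeyId")))
    return findings

def violations(findings, required="cloudhsm-custom-key-store"):
    """Instances whose storage key is not of the required kind."""
    return sorted(n for n, kind in findings.items() if kind != required)

if __name__ == "__main__":
    print(audit(SAMPLE_DB_INSTANCES, SAMPLE_KEY_METADATA))
```
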