Exam AWS Certified Security - Specialty topic 1 question 409 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 409
Topic #: 1

A company uses AWS Organizations. The company has teams that use an AWS CloudHSM hardware security module (HSM) that is hosted in a central AWS account. One of the teams creates its own new dedicated AWS account and wants to use the HSM that is hosted in the central account.

How should a security engineer share the HSM that is hosted in the central account with the new dedicated account?

  • A. Use AWS Resource Access Manager (AWS RAM) to share the VPC subnet ID of the HSM that is hosted in the central account with the new dedicated account. Configure the CloudHSM security group to accept inbound traffic from the private IP addresses of client instances in the new dedicated account.
  • B. Use AWS Identity and Access Management (IAM) to create a cross-account role to access the CloudHSM cluster that is in the central account. Create a new IAM user in the new dedicated account. Assign the cross-account role the new IAM user.
  • C. Use AWS Single Sign-On to create an AWS Security Token Service (AWS STS) token to authenticate from the new dedicated account to the central account. Use the cross-account permissions that are assigned to the STS token to invoke an operation on the HSM in the central account.
  • D. Use AWS Resource Access Manager (AWS RAM) to share the ID of the HSM that is hosted in the central account with the new dedicated account. Configure the CloudHSM security group to accept inbound traffic from the private IP addresses of client instances in the new dedicated account.
Suggested Answer: A 🗳️
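Added example (not part of the question bank and not AWS code): a Python illustration of what answer A actually shares and of the check a security engineer would want to run afterwards. It builds the subnet ARN that goes into the RAM resource share (the subnet is an EC2 resource, which is why the subnet ID rather than the HSM ID is shared), and it scans a security group record in describe-security-groups shape to confirm that each client instance's private IP in the new account is permitted on the CloudHSM client ports (TCP 2223-2225) and that those ports are not open to 0.0.0.0/0. The account IDs, subnet ID, security group and IP addresses are constructed; the boto3 keyword names for create_resource_share are stated as an assumption from the RAM CreateResourceShare API, and only CIDR-based rules are evaluated (security-group references are ignored).

```python
import ipaddress
from typing import Dict, List

# CloudHSM clients reach the HSMs over TCP 2223-2225, the ports the
# cluster security group opens for client traffic.
HSM_PORT_LOW, HSM_PORT_HIGH = 2223, 2225


def subnet_share_arn(region: str, central_account_id: str, subnet_id: str) -> str:
    """ARN of the VPC subnet to place in the RAM resource share.

    Answer A shares the subnet (an EC2 resource), not the HSM itself.
    """
    return f"arn:aws:ec2:{region}:{central_account_id}:subnet/{subnet_id}"


def ram_share_request(region: str, central_account_id: str,
                      subnet_id: str, new_account_id: str) -> dict:
    """Keyword arguments for boto3 ram.create_resource_share.

    Parameter names are assumed from the RAM CreateResourceShare API.
    """
    return {
        "name": "cloudhsm-client-subnet",
        "resourceArns": [subnet_share_arn(region, central_account_id, subnet_id)],
        "principals": [new_account_id],
        # Both accounts sit in the same organization, so external
        # principals stay disabled.
        "allowExternalPrincipals": False,
    }


def _covers_hsm_ports(perm: dict) -> bool:
    """True if an IpPermissions entry spans the whole HSM client port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all traffic, no FromPort/ToPort present
        return True
    if proto != "tcp":
        return False
    return (perm.get("FromPort", 0) <= HSM_PORT_LOW
            and perm.get("ToPort", 0) >= HSM_PORT_HIGH)


def _cidrs(perm: dict) -> List[str]:
    """IPv4 and IPv6 CIDR ranges of one IpPermissions entry."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def check_hsm_ingress(security_group: dict,
                      client_private_ips: List[str]) -> Dict[str, List[str]]:
    """Classify each client IP as allowed or blocked on the HSM ports and
    flag any HSM-port rule whose CIDR is the whole internet."""
    result: Dict[str, List[str]] = {"allowed": [], "blocked": [], "open_to_world": []}
    networks = []
    for perm in security_group.get("IpPermissions", []):
        if not _covers_hsm_ports(perm):
            continue
        for cidr in _cidrs(perm):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                result["open_to_world"].append(cidr)
            networks.append(net)
    for ip in client_private_ips:
        addr = ipaddress.ip_address(ip)
        # `in` is False across IP versions, so mixed rules are safe here.
        key = "allowed" if any(addr in net for net in networks) else "blocked"
        result[key].append(ip)
    return result


# Constructed sample of the central account's cluster security group in
# describe-security-groups shape; every identifier here is made up.
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2223, "ToPort": 2225,
         "IpRanges": [{"CidrIp": "10.20.1.0/24",
                       "Description": "client instances, new dedicated account"}]},
        # SSH open to the world is a separate finding; it does not touch
        # the HSM ports, so it is not reported by check_hsm_ingress.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    print(ram_share_request("us-east-1", "111111111111",
                            "subnet-0a1b2c3d4e5f67890", "222222222222"))
    # 10.20.1.15 is inside the allowed client range; 10.30.0.7 is not.
    print(check_hsm_ingress(SAMPLE_SG, ["10.20.1.15", "10.30.0.7"]))
```

Running the check against the real group (feeding it the output of `describe-security-groups`) gives a direct answer to the second half of answer A: any client IP that lands in `blocked` still needs an ingress rule, and anything in `open_to_world` means the HSM ports were opened far wider than the new account's private addresses.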

Comments

AdamWest
Highly Voted 2 years, 5 months ago
Selected Answer: A
A : Use AWS RAM to share VPC Subnet id - same article as luisfsm but highlighted the content. https://aws.amazon.com/premiumsupport/knowledge-center/cloudhsm-share-clusters/#:~:text=In%20the%20navigation%20pane%2C%20in,subnet%20ID%20for%20your%20CloudHSM.
upvoted 11 times
Toptip
Most Recent 1 year, 10 months ago
Selected Answer: A
Sounds like the same type of question as on SA Pro.
upvoted 1 times
ITGURU51
1 year, 11 months ago
According to the AWS re:Post knowledge center, you can use AWS Resource Access Manager (AWS RAM) to share subnets for the Amazon Virtual Private Cloud (Amazon VPC) containing your CloudHSM with other AWS accounts. You also need to configure the CloudHSM security group to allow the CloudHSM client to connect to the CloudHSM cluster. Therefore, the correct answer is A. Use AWS Resource Access Manager (AWS RAM) to share the VPC subnet ID of the HSM that is hosted in the central account with the new dedicated account. Configure the CloudHSM security group to accept inbound traffic from the private IP addresses of client instances in the new dedicated account.
upvoted 1 times
examtopics_dummy
2 years, 2 months ago
Selected Answer: A
Must be A due to "Create a resource share with Account 1 for with other accounts" and "In Resources, choose the Amazon VPC subnet ID for your CloudHSM." https://aws.amazon.com/premiumsupport/knowledge-center/cloudhsm-share-clusters/
upvoted 2 times
ygen
2 years, 2 months ago
Selected Answer: A
https://aws.amazon.com/premiumsupport/knowledge-center/cloudhsm-share-clusters/
upvoted 2 times
awsec2
2 years, 3 months ago
I think D.
upvoted 1 times
luisfsm_111
2 years, 5 months ago
Selected Answer: A
Looks like A, but can also be D: https://aws.amazon.com/premiumsupport/knowledge-center/cloudhsm-share-clusters/
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other