AWS Certified Security – Specialty SCS-C01 – Question088 - AWS Certified Security

A Security Architect is evaluating managed solutions for storage of encryption keys. The requirements are:

Storage is accessible by using only VPCs.
Service has tamper-evident controls.
Access logging is enabled.
Storage has high availability.

Which of the following services meets these requirements?

A. Amazon S3 with default encryption
B. AWS CloudHSM
C. Amazon DynamoDB with server-side encryption
D. AWS Systems Manager Parameter Store

Correct Answer: B

Explanation:

Reference: https://aws.amazon.com/blogs/aws/aws-cloud-hsm-secure-key-storage-a…