AWS Certified SysOps Administrator SOA-C01 – Question468

AWS Cloud Hardware Security Modules (HSMs) are designed to _____.

A.
store your AWS keys safely
B. provide another level of login security specifically for LDAP
C. allow AWS to audit your infrastructure
D. securely store cryptographic key material and use the key material without exposing it outside the cryptographic boundary of the appliance

Correct Answer: D

Explanation:

Explanation: A Hardware Security Module (HSM) is a hardware appliance that provides secure key storage and cryptographic operations within a tamper-resistant hardware device. They are designed to securely store cryptographic key material and also to be able to use this key material without exposing it out-side the cryptographic boundary of the appliance. Reference: https://aws.amazon.com/cloudhsm/faqs/