-
Team,
The below question is listed in one of the practice exams and the answer provided is AWS CloudHSM. However, I think it should be AWS KMS, as the question asks for publishing logs to CloudWatch. Please review and let me know.

The IT Security team is evaluating its strategy in storing the encryption keys used by various applications in the company’s VPC. The requirements are as follows:

– You control and manage your own keys.
– AWS should only manage the hardware security module appliance, but does not have access to your keys.
– Improves application performance due to close proximity with AWS workloads. The storage should be accessible by using VPCs only.
– Highly-available secure key storage in tamper-resistant hardware available in multiple Availability Zones (AZs).
– Can publish audit logs to CloudWatch Logs.
-
Hello Rohitaws,
Thanks for your feedback.
AWS CloudHSM is capable of sending audit logs to CloudWatch Logs. Please see the following documentation for more details:
https://docs.aws.amazon.com/cloudhsm/latest/userguide/get-hsm-audit-logs-using-cloudwatch.html
Let me know if my answer helps.
Regards,
Carlo @ Tutorials Dojo