KMS Or CloudHSM

  • Rohithaws

    Member
    December 12, 2022 at 9:43 pm

    Team,

    The below question is listed in one of the practice exams and the answer
    provided is AWS CloudHSM. However, I think it should be AWS KMS, as the
    question asks for publishing logs to CloudWatch. Please review and let me
    know.

    The IT Security team is evaluating its strategy in storing the
    encryption keys used by various applications in the company’s VPC. The
    requirements are as follows:

    – You control and manage your own keys.

    – AWS should only manage the hardware security module appliance, but
    does not have access to your keys.

    – Improves application performance due to close proximity with AWS
    workloads. The storage should be accessible by using VPCs only.

    – Highly-available secure key storage in tamper-resistant hardware
    available in multiple Availability Zones (AZs).

    – Can publish audit logs to CloudWatch Logs.

  • Carlo-TutorialsDojo

    Administrator
    December 12, 2022 at 11:13 pm

    Hello Rohithaws,

    Thanks for your feedback.

    AWS CloudHSM is capable of sending audit logs to CloudWatch Logs. Please see the following documentation for more details:

    https://docs.aws.amazon.com/cloudhsm/latest/userguide/get-hsm-audit-logs-using-cloudwatch.html

    Let me know if my answer helps.

    Regards,

    Carlo @ Tutorials Dojo
