Ends in

Get $3 OFF ALL CCP, SAA, CDA, and SysOps Video Courses!

Find answers, ask questions, and connect with our
community around the world.

  • Ezz

    March 21, 2020 at 5:08 pm


    Practice exams – section based, Category: SOA – Security and Compliance

    A well-funded cryptocurrency startup has a key management service in their on-premises data center, which uses RSA asymmetric encryption algorithm and stores encryption keys. They are urgently planning to integrate their system to a highly available, secure service in AWS with FIPS 140-2 compliance.

    As their SysOps Administrator, how can you implement this setup in a quick and efficient way?

    I chose KMS, KMS is FIPS 140-2 compliant (according to the AWS faq: AWS KMS is designed so that no one, including AWS employees, can retrieve your plaintext keys from the service. The service uses hardware security modules (HSMs) that have been validated under FIPS 140-2, or are in the process of being validated, to protect the confidentiality and integrity of your keys. https://aws.amazon.com/kms/features/)

    and the question didn’t mention that the customer needs a dedicated modules …

    It is mentioning an RSA asymmetric encryption, and KMS does support that. (https://aws.amazon.com/about-aws/whats-new/2019/11/aws-key-management-service-supports-asymmetric-keys/)

    Can you please explain why the CloudHSM is the correct answer?

    Kind Regards,

    • This discussion was modified 4 years, 4 months ago by  Ezz.
  • Tutorials-Dojo

    March 23, 2020 at 3:27 am

    Hi Ezz,

    Thank you for posting your question. AWS is always changing and they have a lot of updates on their service. There was a change quite recently (Nov 25, 2019) for AWS KMS:


    Take note that it will take about 6 months before any new change will be reflected in the actual AWS exam, as per the official AWS Certification FAQs:

    When AWS releases a new product or service, how soon will it appear on the exam?

    A new product, service, or feature must be generally available (GA) for 6 months prior to it appearing on a certification exam. Note that this applies only to certification exams, not training: training will cover new services and features more quickly. The AWS Certification team wants to ensure candidates have enough time to work with new services and features before they are assessed against the new material.



    We will eventually update this scenario after a few months when we have confirmed that AWS also updated its exam.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!


    Jon Bonso @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018